IT breaches at asgoodasnew and Kirstein: Possible attack wave on Oxid eShop

The companies asgoodasnew and Kirstein have informed their customers about IT incidents in their online shops via email. Common to both is the Oxid eShop system used, which may currently be experiencing an attack wave. It is now clear that a payment module exhibits the security vulnerability.

The musical instrument mail-order company Kirstein points this out on its website regarding the IT security incident. According to the company, on February 27, 2026, it noticed “a security-relevant anomaly” and initially put the online shop into maintenance mode, taking it completely offline about 15 minutes after becoming aware of it. The cyberattack is “related to a module” of the online shop (currently Oxid eShop Enterprise Edition Version 6). The security vulnerability has been closed, and security mechanisms and monitoring have been strengthened – however, Kirstein does not provide more detailed information.

The attackers may have gained access to login credentials for the online shop, according to Kirstein, meaning email addresses and possibly password hashes – however, the latter cannot be easily reversed into the password. There is currently no indication that further address data and customer information, such as delivery and billing addresses or order and payment data, are affected. For security reasons, Kirstein has ended active sessions and reset customer logins, requiring customers to set new passwords. Kirstein also warns customers about possible phishing with fake messages: genuine emails exclusively come from the @kirstein.de domain, the company does not ask for passwords, and finally, customers should only enter login details on the correct kirstein.de domain.

Another online shop cracked

The website of asgoodasnew does not provide a version number for the Oxid eShop system used. However, in emails to customers, the company refers to the manufacturer and explains that the online shop was compromised by a targeted cyberattack on March 1, 2026. asgoodasnew becomes a bit more specific; however, however: other online shops are also affected; the security vulnerability affects a third-party payment module for the system. Attackers were thus able to gain access to the database. The start-up does not specify which payment module from which provider is specifically vulnerable.

According to current findings, master data such as name and address, as well as email address, order history, and password hashes, are impacted by the data leak at asgoodasnew. asgoodasnew also warns of targeted phishing, which can be made more credible with this data. For security reasons, customers are advised to use the “Forgot password” function on the website to reset their password. Unlike Kirstein, however, the website provides no information about the IT incident.

Oxid eShop: Vulnerability found, customer information planned

However, the manufacturer of the Oxid eShop system was able to shed some light on the matter. Oxid informed us by phone that the company plans to send an email to potentially affected customers this Thursday, informing them about a security vulnerability in the Klarna payment module. A patch is reportedly already available. The email is also intended to contain specific instructions for closing the security gap. Shop operators who have not yet received any information should at least deactivate or remove the Klarna module until then and examine their system for traces of unauthorized access. Currently, we are not aware of any indicators of compromise (IOC). We will supplement this report if necessary when information becomes available.

(dmk)