Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account

Brazilian retail giant Fast Shop has regained control of its Twitter account after hackers took it over and sent several messages about a cyberattack.

The Sao Paulo-based retail company has more than 80 physical locations across Brazil and brought in a revenue of more than $430 million last quarter. 

But on Wednesday, hackers took over the company’s Twitter account and said they had been launching “an extortion attack” on Fast Shop’s IT and cloud systems. 

“We have gained access to some TB's of your data from VCenter and various cloud services, AWS, AZURE, IBM GITLAB. The data includes source codes, PCI data, various user and corporate data,” the hackers wrote from the hijacked account. 

“We are happy to negotiate with you to prevent the leakage of this data and to help resolve the issues.”


A screenshot of the Tweets, which were later deleted. (Credit: Felipe Payão)

The hackers provided a link to a Telegram channel where they wanted Fast Shop officials to negotiate a ransom. The threat actors also managed to pin another tweet to the top of the company’s profile claiming stores would be closed for a number of days. 

It is unclear which extortion group was behind the attack

In a statement to The Record, Fast Shop PR manager Carina Eguia said the company “identified unauthorized access to the company's information systems” and “activated security protocols.”

The website and app were shut down as the company tried to retake control of its platforms, Eguia said. 

“At this moment, the website and app are already restored and working normally. Fast Shop guarantees that all stores remain open and operate regularly,” she explained.

“The company emphasizes that all databases are under strict security processes and there was no evidence of damage to our customers' data."

The company later released the same message publicly.

In recent months, ransomware and extortion groups have made a point of going after supermarkets and retailers. 

The largest supermarket chain in Trinidad struggled to recover from a cyberattack that caused outages at all of its locations throughout the country in May.

One of the largest supermarket chains serving multiple countries across southern Africa was hit with ransomware last week

Last July, one of Sweden’s largest supermarket store chains, Coop, was forced to shut down nearly 800 stores across the country after one of its contractors was hit by ransomware in the aftermath of the wide-ranging Kaseya security incident.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.