Hackers are exploiting a weakness in an Ikea dressers to install a malicious code that sends emails to the remote computers of an estimated 50 million customers in the U.S. and around the world, according to researchers.
The attacks were first reported Wednesday by security firm Kaspersky Lab, which also identified the flaw as a “vulnerability in the underlying firmware” for the company’s own servers.
The flaw is not yet fixed.
The company is investigating the breach, but did not immediately provide details.
The problem is only a minor vulnerability, and does not pose a major threat to the company, the researchers said in a blog post.
A second vulnerability could allow remote attackers to remotely install the same malicious code.
The researchers said they discovered the flaw after they successfully hacked the IKEa system with a small laptop computer in the Philippines.
The hackers also managed to remotely wipe the devices of hundreds of IKEas, but only one of those victims has reported having seen an email from the compromised IKEash.com email account.
A Kasperskapublic employee who has not used the company system reported the hack to the security firm, which notified the U,S.
Office of the Director of National Intelligence, which is conducting a probe into the incident.
The email was sent in early June and sent to several users who were not connected to the affected servers, Kasperski said.
The emails contain a malicious link that leads users to a website that asks them to download an exploit code, then to download a Trojan that installs the malware on their computers.
Once installed, the Trojan downloads an unsigned version of Adobe Reader, which then infects their computer.
The Trojan then attempts to decrypt the email before the email’s recipients can receive a response.
The victims of the hack have not been identified.
Kasperska has found that an IKEassistant.com website, which was set up in the middle of June, is vulnerable to similar attacks.
In the past, attackers have targeted servers in Europe and the U.