NEWS Zero-Day in Third-Party Software: How a Few Lines of Code Brought Down a Service with 3.1 Million IT Items

ExcalibuR


Thousands of companies were left without supply data.


The British company Stock in the Channel (STIC), which provides a digital platform for monitoring IT equipment availability and pricing, reported a cyberattack that caused a large-scale disruption of its service. According to the organization, the attack occurred on the evening of August 12 and was carried out by a technically skilled hacker group that exploited a zero-day vulnerability in one of the third-party applications.


STIC specializes in providing information on more than 3.1 million IT products from 34 distributors. The platform is used in 22 countries, with over 60,000 registered users and around 25,000 corporate clients across Europe, North America, and Australia. Most of its clients are integrators and resellers.


The company’s servers were shut down on the night of the attack, and the site remained unavailable the following day. However, email and phone lines continued to function. STIC representatives stated that the incident caused serious damage to the infrastructure, but there were no signs of customer data leaks, and all critical information was restored.


The company clarified that the service is currently partially operational, but product availability and pricing data may be outdated. Full recovery efforts are ongoing. According to STIC, internal disaster recovery (DR) procedures were activated immediately after the attack, allowing the website to return online in less than 24 hours.


Developers at Tigren, who previously worked with the company, describe STIC as a “search engine for IT products” within supply channels, which under normal conditions allows users not only to compare prices and availability but also to sell equipment through the platform.


On August 15, the company published its first official statement, noting that its priority was the rapid restoration of service operations rather than immediate client notification about the disruption. Messages explaining the incident were sent out to customers.


In a more recent status update on the STIC website, the company confirmed that systems are currently operational, including real-time updates of product availability and pricing. However, it has not yet announced full recovery, as additional testing and verification are underway to ensure the reliability and security of all services. In the statement, STIC thanked its team for their round-the-clock efforts to restore and strengthen the systems, and its customers for their patience and support.
 