Important Security Information: Please set a new password (Login reset)

We are informing you about a security incident in our online shop kirstein.de. As a precautionary measure, we have reset customer logins – your previous password is no longer valid.

What happened?

On 27/02/2026 at 17:05, we detected a security-related irregularity. We responded immediately: from 17:10 the shop was running in maintenance mode, and at 17:20 we took the shop completely offline. A cyberattack occurred in connection with a module of our online shop. The identified cause was resolved and additional protective measures were activated.

Which data may be affected?

Based on current findings, it cannot be ruled out that login credentials for shop accounts may have been affected. This may have resulted in your email address being disclosed to unauthorized parties. However, your password was not stored in plain text, but as a non-readable verification value (hash). The password cannot be easily derived from this.

According to our current investigations, there is no evidence that address data or other customer data (e.g. delivery/billing addresses, order or payment data) were affected.

Were payment data affected?

No. We do not store bank/credit card data or login credentials for payment services. Payment processing is carried out via external payment service providers (e.g. PayPal, Amazon Pay, easyCredit) – payment data were therefore not affected.

What immediate measures did we take?

We reacted immediately, secured and reviewed systems, and preserved evidence/log files. In addition, the responsible authorities were informed (data protection officer, police, data protection supervisory authority).

As a precautionary measure, we have:

  • closed the security vulnerability and strengthened protection mechanisms/monitoring
  • terminated active logins/sessions
  • reset customer logins

What do you need to do now? (important)

For your own security, we ask you to set a new password:

  • Open your browser and access kirstein.de directly – please do not use links from emails. Use the "Forgot password?" function on the login page.
  • If you have used this password elsewhere: please change it there as well.
  • Use a new, unique password (ideally with a password manager).

Why is this important if passwords were not stored in plain text?

Passwords are stored as verification values (hash values). Nevertheless – depending on password strength – it cannot be ruled out that passwords could be guessed or derived through automated methods. Therefore, we enforce a reset and strongly recommend not reusing passwords.

Important note: Beware of fraudulent messages (phishing)

We recommend exercising particular caution in case of unexpected contact attempts and not disclosing any sensitive information.

  • We will never ask you for your password.
  • The only official sender domain is @kirstein.de.
  • Please enter your login credentials only directly on kirstein.de.

Contact

For questions regarding the data protection incident, please contact: [email protected].

If you have only ordered as a guest or never set a password, no password action is required – however, please read the phishing information carefully.

We sincerely regret this incident. Your security is our highest priority. Therefore, we are informing you transparently and have taken immediate measures to protect your account and better prevent similar incidents in the future.

Musikhaus Kirstein