Zero-Day Attack Takes Down Stock in the Channel, Disrupting IT Supply Chain
The British company Stock in the Channel (STIC), which provides a digital platform for monitoring the availability and pricing of IT equipment, has reported a cyberattack that caused a large-scale disruption of its services. According to the organization, the attack occurred on the evening of August 12 and was carried out by a technically sophisticated hacker group that exploited a zero-day vulnerability in a third-party application.
STIC specializes in aggregating information on more than 3.1 million IT products from 34 distributors. Its platform operates in 22 countries, serving over 60,000 registered users and approximately 25,000 corporate clients across Europe, North America, and Australia—primarily integrators and resellers.
The company’s servers were taken offline on the night of the attack, and the website remained inaccessible the following day, although email and phone lines continued to function. STIC representatives stated that the incident inflicted significant damage on the company’s infrastructure. However, no evidence of customer data leakage was found, and all mission-critical information was successfully restored.
The company clarified that the service is currently operational in part, though product availability and pricing data may be outdated. Full recovery efforts are ongoing. STIC reported that its disaster recovery (DR) procedures were activated immediately after the breach, enabling the platform to return online in under 24 hours.
Tigren, a developer that has previously partnered with the company, describes STIC as a “search engine for IT products” within supply chains—one that under normal conditions allows users not only to compare availability and prices but also to sell equipment through the platform.
On August 15, STIC issued its first official statement, emphasizing that restoring the service swiftly had taken precedence over immediately informing customers about the disruption. Clients were subsequently sent messages explaining the incident.
In a more recent update on its website, STIC confirmed that all systems are currently running, including real-time updates for product availability and pricing. However, the company has refrained from declaring full restoration, as further testing and verification are underway to ensure the reliability and security of all services. In its statement, STIC expressed gratitude to its team for working tirelessly around the clock to rebuild and strengthen systems, and to its customers for their patience and continued support.
