BreachExchange mailing list archives
UK Activewear Retailer Sweaty Betty Falls Prey To Magecart Attack
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 6 Dec 2019 08:45:20 -0600
https://latesthackingnews.com/2019/12/05/uk-activewear-retailer-sweaty-betty-falls-prey-to-magecart-attack/ The Magecart attackers seem very active these days. Carrying on with their malicious campaign, they have once again preyed on an eCommerce website. This time, the victim appears to be the UK retailer Sweaty Betty that resulted in the breach of customers details. Sweaty Betty Suffered Magecart Attack Reportedly, the UK-based activewear retailer Sweaty Betty has fallen prey to a cyber attack. Sweaty Betty disclosed that their e-store suffered a Magecart attack. Consequently, the site exposed customers’ information including payment card details to the attackers. As revealed through their emails sent to customers, the e-commerce site remained under attack for about a week. Specifically, the malicious data-stealing code existed on the website’s checkout page from November 19, 2019, to November 27, 2019. During this period, the attackers managed to pilfer data from customers registering new payment cards on the site. This is something in line with Magecart codes that work on newly registered details. Thus, the customers who had already saved their card details on the site, or those using some other payment method remained safe during the attack. The breached details include customers’ names, account passwords, email addresses, billing and shipping addresses, phone numbers, payment card numbers with CVV numbers and expiry dates. Security Measures From The Retailer After the incident, Sweaty Betty sent email notices to the victims alerting them of the breach. However, they didn’t upload any such information on their site. Thus, making it difficult for users to verify the authenticity of the emails and their contents. Eventually, the news surfaced online after the customers took to twitter while sharing the emails they received apparently from the firm. While their site is already up and running, as usual, it seems the most affected are customers who have registered recently with the site. Therefore, users should stay alert with regard to suspicious bank transactions, particularly, those who have registered their cards on the website during the period affected by the breach. Recently, Magecart also attacked the popular fashion store Macy’s where the attack also lasted for about a week. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- UK Activewear Retailer Sweaty Betty Falls Prey To Magecart Attack Destry Winant (Dec 06)