BreachExchange mailing list archives
AeroGarden maker says hacker stole months of credit card data
From: Destry Winant <destry () riskbasedsecurity com>
Date: Tue, 9 Apr 2019 01:01:06 -0500
https://techcrunch.com/2019/04/05/aerogarden-credit-card-breach/ Bad news for home gardeners: criminals might have your credit card data. AeroGrow, the maker of the at-home garden kit AeroGarden, said in a letter to customers that its website had credit card scraping malware for more than four months. The company said anyone who bought something through its website between October 29, 2018 and March 4, 2019 had their credit card number, expiration date and card verification value — also known as a security code — stolen by the malware. In most cases, that’s all someone would need to make fraudulent purchases, It’s the latest in a string of high-profile malware attacks targeting websites in the past year. Attackers often will find a vulnerability in the website running a company’s shopping cart and inject code that scrapes credit card data once it is entered into the form on the site. That data gets siphoned off and sent to a server controlled by the attacker. Because the code is running on the page, there’s no discernible or obvious way to tell if a website is affected. One of the more well-known hacker groups includes Magecart, a collective of different hackers of varying skill sets, which attack websites large and small. In the past year, the hacker groups have targeted Ticketmaster, British Airways and consumer electronics giant Newegg — and many more. AeroGrow didn’t say how many customers were affected. We’ve reached out and will update if we hear back. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- AeroGarden maker says hacker stole months of credit card data Destry Winant (Apr 09)