SelectBlinds customers who purchased housing upgrades, such as blinds or window coverings, are allegedly affected by a malware campaign resulting in data theft.
According to reports, over 200,000 people who purchased such products this year had their credit card information and other personal information stolen after hackers installed malware on the retailer’s website.
A breach notification the company filed this week with California and Maine stated that the company found the malware on September 28 and learned it had been on its website since at least January.
A threat actor allegedly installed a malware strain on the SelectBlinds website that scraped data and credentials.
SelectBlinds explained that an unauthorised third party launched malware on its website, which resulted in the scraping of login data on its check-out page.
The company disclosed that its analysis revealed that the attack compromised login and password credentials for the SelectBlinds website. Hence, if a user recently used the site and its check-out page while making or considering a purchase, it is highly likely that the attack scraped their data.
Furthermore, the company believes that the hackers may have obtained other details, such as names, emails, shipping and billing addresses, phone numbers, payment card numbers, expiration dates, and security/CVV codes.
As a precautionary measure, the company deliberately locked its user accounts to force customers to reset their passwords. The company also insisted that it has already removed the malware from its website. Incidents like this have been a common headache for online stores, since hackers have long placed software known as e-skimmers on popular shopping websites, harvesting hundreds of thousands to millions of credit card numbers and other information.
Generally, hackers breach vulnerable websites and insert malicious code, such as JavaScript, into check-out pages or other areas of the site where payment information is present. This code is designed to collect sensitive information, especially credit card numbers, CVV codes, and personal information that consumers enter during check-out.
Therefore, potentially affected SelectBlinds customers should reset their passwords and be wary of unsolicited communications, such as phishing and social engineering campaigns, as unauthorised individuals may have already acquired essential information.
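The e-skimming technique described above relies on an extra script running on the check-out page. As an added example (not code from SelectBlinds or the original article), this Node.js check flags script tags that load from an origin outside an allowlist, load cross-origin without Subresource Integrity, or are inline and missing from a reviewed baseline. The hosts, function names and sample HTML are constructed assumptions.

```javascript
// Added example: flag unexpected <script> tags on a check-out page.
// Hosts, function names and SAMPLE_HTML are constructed for illustration.
const SAMPLE_HTML = `
<script src="/static/checkout.js"></script>
<script src="https://pay.example-psp.test/v3/sdk.js"></script>
<script src="https://cdn.example-shop.test/lib.js" integrity="sha384-CONSTRUCTED"></script>
<script src="//stats.unknown-host.test/t.js"></script>
<script>window.cartId = "c-1";</script>
<script>var unreviewed = 1; /* constructed inline block */</script>`;

// Read one attribute value (quoted or bare) from a tag's attribute string.
function attr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function auditCheckoutScripts(html, pageUrl, allowedOrigins, knownInline = []) {
  const page = new URL(pageUrl);
  const allowed = new Set([page.origin, ...allowedOrigins]);
  const baseline = new Set(knownInline.map((s) => s.trim()));
  const findings = [];
  for (const [, attrs, body] of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi)) {
    const src = attr(attrs, "src");
    if (src === null) {
      // Inline script: anything not in the reviewed baseline needs a look.
      const text = body.trim();
      if (text && !baseline.has(text)) findings.push({ type: "unknown-inline", detail: text.slice(0, 60) });
      continue;
    }
    let url;
    try { url = new URL(src, page); }
    catch { findings.push({ type: "unparseable-src", detail: src }); continue; }
    if (!allowed.has(url.origin)) {
      findings.push({ type: "unapproved-origin", detail: url.href });
    } else if (url.origin !== page.origin && !attr(attrs, "integrity")) {
      // Approved third party, but the browser cannot verify what it serves.
      findings.push({ type: "missing-sri", detail: url.href });
    }
  }
  return findings;
}

function runSample() {
  return auditCheckoutScripts(SAMPLE_HTML, "https://shop.example.test/checkout",
    ["https://pay.example-psp.test", "https://cdn.example-shop.test"],
    ['window.cartId = "c-1";']);
}
console.log(runSample());
```

This is a static check of the HTML as served; scripts added at runtime are not seen by it and call for a Content-Security-Policy in addition.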