iOttie, a manufacturer of car mounts and mobile accessories, has confirmed a data breach affecting its website. The attack compromised online shoppers’ personal and credit card information.
According to reports, the attackers could have stolen this information during the attack. The company released a new data breach notification earlier this week.
The company discovered earlier this month that attackers had compromised its online store with malicious scripts between April and June. The breach notification also stated that the criminal e-skimming operation ran from April 12 to June 2. On the last day of the intrusion, after updating a WordPress plugin, the company’s security team removed the malicious code.
Unfortunately, the actors could still have harvested the credit card information that customers used to purchase products on the website.
iOttie has yet to reveal the exact number of affected customers.
Researchers said that iOttie has not yet confirmed how many customers were affected by the attack. The attackers could have acquired troves of data, such as names, payment information, financial account numbers, security codes, access codes, PINs, passwords, and credit and debit card numbers.
Experts explained that this incident was a MageCart campaign, an operation in which threat actors hack online stores to inject malicious JavaScript into checkout pages. When a shopper submits their credit card information on the compromised page, the malicious script can steal the submitted data and exfiltrate it to an attacker-controlled server.
Subsequently, these actors could use the details to commit financial fraud, scams, and identity theft. They could also sell the data to other malicious groups on dark web marketplaces.
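A defender's view of the checkout-page script injection described above, as an added example that is not from the original article or from iOttie: it audits the scripts on a checkout page against an approved baseline and flags new script hosts or changed inline code. The hosts, page markup and baseline values are constructed assumptions.

```javascript
// Added example: hosts, markup and baseline values are constructed for illustration.
const PAGE_URL = "https://shop.example/checkout";
const APPROVED_HOSTS = new Set(["shop.example", "js.payments.example"]);
const APPROVED_INLINE = new Set(["initCart();"]); // reviewed inline script bodies

const CLEAN_PAGE = `<html><body><form id="checkout"></form>
<script src="/js/cart.js"></script>
<script src="https://js.payments.example/v1/sdk.js"></script>
<script>initCart();</script></body></html>`;

// Same page after an unreviewed change: one new script host, one altered inline script.
const TAMPERED_PAGE = CLEAN_PAGE.replace(
  "<script>initCart();</script>",
  '<script src="//cdn.unknown.example/a.js"></script><script>initCart(); addedCode();</script>'
);

// Return every <script> element as { src, body }; src is null for inline scripts.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /(?:^|\s)src\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    scripts.push({ src: src ? src[1] : null, body: m[2].trim() });
  }
  return scripts;
}

// Compare the page's scripts with the baseline and report anything unapproved.
function auditCheckoutPage(html, pageUrl) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src) {
      // Resolve relative and protocol-relative URLs against the page URL.
      const host = new URL(s.src, pageUrl).hostname;
      if (!APPROVED_HOSTS.has(host)) findings.push({ type: "unapproved-host", detail: host });
    } else if (s.body && !APPROVED_INLINE.has(s.body)) {
      findings.push({ type: "unapproved-inline", detail: s.body.slice(0, 60) });
    }
  }
  return findings;
}

console.log(auditCheckoutPage(CLEAN_PAGE, PAGE_URL));
console.log(auditCheckoutPage(TAMPERED_PAGE, PAGE_URL));
```

This check only sees new hosts and changed inline code in the served HTML; tampering with a script file on an approved host needs a separate file-integrity check on the server.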
The car accessory manufacturing company has yet to disclose how the breach occurred. However, researchers suspect the attackers could have exploited its WordPress website via the WooCommerce merchant plugin.
WordPress has recently become a platform commonly targeted by different threat groups. The threat actors could have discovered a flaw in the plugins that enabled them to take control of the iOttie website.
Currently, the main clue about the attack is that the company removed the malicious code through a plugin update. Hence, the attackers could have breached the website using a known flaw in a WordPress plugin the company used.