The malicious code remained undetected on the site for more than 8 months.
More than 200,000 buyers of blinds and window decorations have experienced a data breach - hackers stole their credit card details and personal information using malware implanted on the website of a major online retailer.
According to documents provided by SelectBlinds in California and Maine, employees discovered the malware on September 28, but it has been on the site since at least January 7. The attackers injected malware into the checkout page, which made it possible to collect user data during authorization on the site.
The investigation found that the leak affected usernames and passwords, as well as names, email addresses, phone numbers, shipping and billing addresses. In addition, hackers gained access to payment card numbers, their expiration dates, and CVV codes. In total, 206,238 customers were affected by the incident.
To prevent further incidents, the company blocked all accounts and strongly recommended that customers change their passwords. Skimmer has been removed from the site entirely. Particular attention is paid to users who use the same passwords on different resources. They were asked to immediately update their login details to avoid further leaks.
Skimmer attacks have long been a favorite method of cybercriminals to steal data from payment pages of websites. Hackers often inject malicious JavaScript code on vulnerable resources, intercepting bank card data and personal information entered by users when placing orders. The collected data is then sold on the dark web for use in fraudulent schemes.
SelectBlinds is an online retailer of blinds and other window accessories based in Chandler, Arizona. The company is a subsidiary of the Dutch manufacturer Hunter Douglas, specializing in the production of blinds and window coverings. The company has more than 140 employees, and annual revenue reaches about $200 million.
Recall that in October, Jscrambler specialists discovered a new digital skimming campaign that uses Unicode characters, many of which are invisible, to hide malicious code called Mongolian Skimmer. The main purpose of the skimmer is to steal sensitive data entered on the checkout pages of online stores, including financial information.
And in August, it became known that during a recent cyberattack on a large number of online stores using the Magento platform, a skimmer was introduced into the sites, which stole customers' payment card data, including card number, expiration date, and CVV/CVC code. Malwarebytes experts explained in detail how hackers managed to steal information.
Source
More than 200,000 buyers of blinds and window decorations have experienced a data breach - hackers stole their credit card details and personal information using malware implanted on the website of a major online retailer.
According to documents provided by SelectBlinds in California and Maine, employees discovered the malware on September 28, but it has been on the site since at least January 7. The attackers injected malware into the checkout page, which made it possible to collect user data during authorization on the site.
The investigation found that the leak affected usernames and passwords, as well as names, email addresses, phone numbers, shipping and billing addresses. In addition, hackers gained access to payment card numbers, their expiration dates, and CVV codes. In total, 206,238 customers were affected by the incident.
To prevent further incidents, the company blocked all accounts and strongly recommended that customers change their passwords. Skimmer has been removed from the site entirely. Particular attention is paid to users who use the same passwords on different resources. They were asked to immediately update their login details to avoid further leaks.
Skimmer attacks have long been a favorite method of cybercriminals to steal data from payment pages of websites. Hackers often inject malicious JavaScript code on vulnerable resources, intercepting bank card data and personal information entered by users when placing orders. The collected data is then sold on the dark web for use in fraudulent schemes.
SelectBlinds is an online retailer of blinds and other window accessories based in Chandler, Arizona. The company is a subsidiary of the Dutch manufacturer Hunter Douglas, specializing in the production of blinds and window coverings. The company has more than 140 employees, and annual revenue reaches about $200 million.
Recall that in October, Jscrambler specialists discovered a new digital skimming campaign that uses Unicode characters, many of which are invisible, to hide malicious code called Mongolian Skimmer. The main purpose of the skimmer is to steal sensitive data entered on the checkout pages of online stores, including financial information.
And in August, it became known that during a recent cyberattack on a large number of online stores using the Magento platform, a skimmer was introduced into the sites, which stole customers' payment card data, including card number, expiration date, and CVV/CVC code. Malwarebytes experts explained in detail how hackers managed to steal information.
Source
