The company warned its customers about possible suspicious activity with their bank cards.
SCUF Gaming International, a major manufacturer of custom gaming PCs and console controllers, notified its users that in February of this year, attackers hacked its website and introduced a malicious script that steals bank card data.
SCUF Gaming users have fallen prey to web skimming, also known as e-skimming, digital skimming, or the Magecart attack. In the course of such attacks, attackers inject JavaScript scripts (so-called skimmers or Magecart scripts) into compromised online stores, which allow them to collect and steal payment and personal data of customers. Typically, the stolen information is then sold on hacking or carding forums or used for fraudulent purposes.
In this case, the script was injected into the online store SCUF Gaming after hackers gained access to the company's backend server on February 3 using credentials belonging to a third-party vendor. Three weeks later, on February 18, the payment processor notified SCUF Gaming of unusual activity related to in-store credit cards. A month later, a skimmer was discovered on the site, which was subsequently removed.
"The investigation found that orders processed through PayPal were not compromised, and the incident is limited to payments and attempted payments using credit cards between February 3 and March 16," the company said in a notice sent to affected users.
According to the notification, the names and surnames of cardholders, their email and billing addresses, card numbers, their expiration dates and CVVs could have been compromised.
The notification did not indicate the number of victims, but a letter to the attorney general says that the incident affected 32,645 people.
"This notification does not mean that fraud with your account has already taken place. You should monitor your account and notify the card issuer of any unusual or suspicious activity. As a precautionary measure, we recommend that you request a new payment card number from the issuer, "the notification says ...
SCUF Gaming International, a major manufacturer of custom gaming PCs and console controllers, notified its users that in February of this year, attackers hacked its website and introduced a malicious script that steals bank card data.
SCUF Gaming users have fallen prey to web skimming, also known as e-skimming, digital skimming, or the Magecart attack. In the course of such attacks, attackers inject JavaScript scripts (so-called skimmers or Magecart scripts) into compromised online stores, which allow them to collect and steal payment and personal data of customers. Typically, the stolen information is then sold on hacking or carding forums or used for fraudulent purposes.
In this case, the script was injected into the online store SCUF Gaming after hackers gained access to the company's backend server on February 3 using credentials belonging to a third-party vendor. Three weeks later, on February 18, the payment processor notified SCUF Gaming of unusual activity related to in-store credit cards. A month later, a skimmer was discovered on the site, which was subsequently removed.
"The investigation found that orders processed through PayPal were not compromised, and the incident is limited to payments and attempted payments using credit cards between February 3 and March 16," the company said in a notice sent to affected users.
According to the notification, the names and surnames of cardholders, their email and billing addresses, card numbers, their expiration dates and CVVs could have been compromised.
The notification did not indicate the number of victims, but a letter to the attorney general says that the incident affected 32,645 people.
"This notification does not mean that fraud with your account has already taken place. You should monitor your account and notify the card issuer of any unusual or suspicious activity. As a precautionary measure, we recommend that you request a new payment card number from the issuer, "the notification says ...
