Malware
iOttie Reveals Data Breach Resulting from Site Hack: Credit Card Information Stolen
iOttie, a popular mobile accessories brand, has suffered a data breach after hackers infiltrated its website to steal customers’ credit card information. The company has disclosed the incident and is urging customers who made purchases on its site between January 1 and May 19, 2021, to check their bank statements for any suspicious activity. iOttie has also offered free identity protection services to affected customers.
What Were the Consequences of Discord’s Support Agent Hack?
The recent discord data breach reveals support agent hack has resulted in severe consequences for both Discord and its users. User trust has been shattered as hackers gained unauthorized access to sensitive information, including user emails, passwords, and IP addresses. This breach highlights the importance of robust cybersecurity measures and serves as a stark reminder of the potential vulnerabilities in online platforms.
iOttie’s Online Store Hacked, Customer Credit Card Data Stolen
IT Services company, iOttie, which manufactures mobile device car mounts, chargers, and accessories, has issued a data breach notification warning its customers that their credit card details and personal information may have been stolen by hackers. The breach occurred between April 12th, 2023, and June 2nd, when malicious scripts were inserted into the company’s WordPress site, allowing customer data to be skimmed. The hackers were able to compromise the site as a result of a vulnerability in one of its WordPress plugins. On June 2nd, during a routine WordPress/plugin update, the malicious code was removed.
iOttie believes that criminal e-skimming occurred throughout the two-month period, and that customers’ names, personal information, and payment information, including financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs, could have been stolen. The company has not disclosed how many customers were impacted.
The attack on iOttie’s site is known as MageCart, where threat actors exploit vulnerabilities in online stores to inject malicious JavaScript into checkout pages. The script then steals any credit card information submitted by shoppers, which is then used to conduct financial fraud, identity theft, or sold on dark web marketplaces. Due to the sensitive nature of the information potentially exposed in the attack, all iOttie customers who made purchases between April 12th and June 2nd should monitor their credit card statements and bank accounts for any fraudulent activity.
WordPress is one of the most frequently targeted website platforms by threat actors, with vulnerabilities often found in plugins that allow complete takeovers of sites or malicious code injection into WordPress templates. Recently, hackers have been exploiting vulnerabilities in a range of WordPress plugins, including cookie consent banners, Advanced Custom Fields, and Elementor Pro.