The iOttie Breach: Shoppers’ Credit Cards at Huge Risk
When cybercriminals decide to target an individual/company, they don’t just go after random entities. As we always say, the bigger the company, the more beneficial their attack will be. And that’s exactly the case with the recent incident that car mount and mobile accessory manufacturer iOttie is going through.
A lot of data breaches are happening almost every day. However, while most of these incidents target personal information, few of them manage to reach credit card data. In this particular attack, that’s the threat actor’s main goal.
IOttie is one of the most popular manufacturers of mobile device car mounts, chargers, and accessories. Such a breach can have a huge impact, as MageCart attacks tend to cause too much damage. What information is provided about the incident? Here’s what we know.
iOttie Breach – Another MageCart Attack
Cyber attacks occur in various forms depending on the threat actors behind them. Some come in phishing attacks, while others, like the one in question, are MageCart.
The primary focus of a MageCart attack is to siphon credit card details from the checkout pages of digital commerce websites.
This form of attack is becoming more popular every day. In fact, a month ago, cybercriminals used legitimate logos to replicate compromised stores and hijack the checkout pages.
Now, iOttie released a new data breach notification, informing customers that it has suffered a breach.
Apparently, the attack has been in place for approximately two months, when malicious scripts were found on the company’s online store.
“We believe criminal e-skimming occurred from April 12, 2023, through June 2, 2023. However, on June 2, 2023, during a WordPress/plugin update, the malicious code was removed.”
“Nevertheless, they could have obtained your credit card information to purchase our client’s product online at www. iOttie.com.”
Having malicious code on a checkout page can lead to devastating outcomes. When a shopper submits their credit card information, the script harvests everything they input and sends it to the actors behind it.
The company did not disclose the scale of the attack, but everyone who purchased anything between the aforementioned dates should keep a keen eye for irregular behavior.
The breach allowed the threat actors access to names, personal information, and payment information such as financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs.
In other words, a lot can still be done with the data. That includes financial fraud and identity theft, as well as selling it on the black market.
MageCart Attacks on the Rise
Cybercriminals have been taking advantage of various WordPress plugin vulnerabilities to inject malicious code on web pages.
When an update is out, website hosts should immediately implement it to prevent further damage. However, those who have already been affected should stay vigilant and monitor their accounts for any irregular activity.