Magecart Mayhem Continues in OXO Breach

  /     /     /  
Publicated : 23/11/2024   Category : security


Magecart Mayhem Continues in OXO Breach


The home goods company confirmed users data may have been compromised during multiple time frames over a two-year period.



OXO International, a US-based manufacturer of kitchen utensils and home goods, reported a data breach spanning two years that experts say appears to be a Magecart attack.
The company is notifying customers of a data security incident involving sophisticated criminal activity that may have compromised their personal data. It believes unauthorized code may have granted adversaries access to names, billing and shipping addresses, and credit card info.
In December 2018, OXO worked with forensic investigators to confirm the security of personal data entered on its website may have been exposed. It claims the windows of compromise include June 9, 2017, through November 28, 2017; June 8-9, 2018; and July 20, 2018, through October 16, 2018. Upon discovering the intruders code, OXO worked with security consultants to investigate the incident and determine the next steps to prevent similar types of attacks in the future, officials report in a letter.
Additional evidence and further analysis identified past website vulnerabilities. OXO investigated the malicious code, removed it, conducted system scans, and reissued access credentials. It is also providing identity monitoring to customers for one year via Kroll. Qualifying members are being sent an ID by OXO they can use to access the free service.
A
closer look
at the breach by BleepingComputer shows this is likely a Magecart attack. Magecart, an umbrella term for at least seven cybercriminal groups, has been gaining
notoriety
for stealing financial data by installing digital credit card skimmers onto e-commerce sites. Attackers implement code into a target sites checkout page to lift data that customers enter. As the report explains, at least one of the OXO breaches was a Magecart attack to steal information.
Magecarts victims have expanded from consumers to globally known brands, including Ticketmaster, British Airways, and Newegg.
Read more details
here
.

Last News

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security

▸ Fully committed to the future world of technology. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Magecart Mayhem Continues in OXO Breach