iOttie, a well-known brand specialising in car mounts and mobile accessories, has alerted customers about a concerning incident. The company recently disclosed that its website experienced a security breach lasting nearly two months, resulting in the theft of credit card details and personal information of online shoppers.
Yesterday, iOttie released a data breach notification, revealing that they first became aware of the compromise on June 13th. The breach, caused by malicious scripts, occurred between April 12th and June 2nd, 2023, impacting the security of their online store.
The iOttie data breach notification cautions that criminal e-skimming activities are believed to have taken place from April 12, 2023, to June 2, 2023. However, the notification explains that on June 2, 2023, while performing a WordPress/plugin update, the malicious code was successfully eliminated.
Nevertheless, it is possible that the perpetrators managed to obtain customers' credit card information and utilise it for making online purchases through iOttie's website, www.iOttie.com.
iOttie has not disclosed the exact number of affected customers. However, the compromised data may include names, personal information, payment details such as financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs.
This type of attack is known as MageCart, which is where threat actors infiltrate online stores to inject malevolent JavaScript into checkout pages. When customers input their credit card information, the injected script stealthily collects the data and transmits it to the attackers.
The stolen data is then exploited for financial fraud, identity theft, or sold to other malicious actors on dark web marketplaces.
Considering the vast range of potentially compromised information, it is strongly advised that all iOttie customers who made purchases between April 12th and June 2nd closely monitor their credit card statements and bank accounts for any signs of fraudulent activity.
Although iOttie has not disclosed the specifics of their breach, it is worth noting that their online store operates on a WordPress site integrated with the WooCommerce merchant plugin.
WordPress is frequently targeted by threat actors due to its widespread usage, and vulnerabilities are often found in plugins, which can lead to complete site takeovers or the injection of malicious code into WordPress templates.
According to iOttie's disclosure, the removal of the malicious code through a plugin update suggests that the hackers gained unauthorised access to the site by exploiting a vulnerability in one of its WordPress plugins.
Recently, malicious actors have been targeting vulnerabilities found in different WordPress plugins, such as those related to cookie consent banners, Advanced Custom Fields, and Elementor Pro.
Preventative steps to consider
To defend against Magecart infections, website owners can enhance the security of their platforms by implementing strong protective measures. These measures include ensuring the proper safeguarding of website admin accounts and promptly applying security updates for their content management systems (CMS) and plugins. By using services provided by cyber security companies such as web application test businesses can effectively identify vulnerabilities and enhance the security of their web applications. To find out more about what these are and how they work, click here.
Cybersecurity companies can provide ongoing monitoring, incident response capabilities, and timely threat intelligence, enabling organisations to stay one step ahead of cybercriminals. Partnering with a trusted cybersecurity company empowers businesses to focus on their core operations with confidence, knowing that their digital assets are safeguarded by dedicated professionals.
