Car holder and mobile accessories maker iOttie warns that its site has been compromised for nearly two months to steal credit cards and personal information from online shoppers.

iOttie is a popular manufacturer of car mounts, chargers and accessories for mobile devices.

In a new data breach notification published yesterday, iOttie says it discovered on June 13 that its online store had been compromised between April 12, 2023 and June 2 with malicious scripts.

“We believe the criminal skimming occurred from April 12, 2023 to June 2, 2023. However, on June 2, 2023, during a WordPress/plugin update, the malicious code was removed.” ‘iOttie. data breach notification.

“Nevertheless, they could have obtained your credit card information to purchase our customer’s product online at www.iOttie.com.”

iOttie did not share the number of customers affected, but said names, personal information and payment information could have been stolen, including financial account numbers, credit and debit card numbers, security codes, access codes, passwords and PIN codes.

This type of attack is known as MageCart, which is when threat actors hack online stores to inject malicious JavaScript into checkout pages. When a buyer submits their credit card information, the script steals the entered data and sends it to threat actors.

This data is then used to conduct financial fraud, identity theft, or sold to other threat actors on dark web marketplaces.

Due to the detailed information potentially exposed in this attack, all iOttie customers who purchased a product between April 12 and June 2 should monitor their credit card statements and bank accounts for fraudulent activity.

Although iOttie did not share how they were breached, their online store is a WordPress site with the WooCommerce merchant plugin.

WordPress is one of the most common website platforms targeted by threat actors, with vulnerabilities often found in plugins that allow full site takeovers or injection of malicious code into templates WordPress.

As iOttie revealed that the malicious code was removed with a plugin update, the hackers likely hacked the site using a vulnerability in one of its WordPress plugins.

Recently, threat actors have exploited vulnerabilities in various WordPress plugins, including cookie consent banners, Advanced custom fieldsAnd Elementor Pro.


Source link