The Magecart attackers seem very active these days. Carrying on with their malicious campaign, they have once again preyed on an eCommerce website. This time, the victim appears to be the UK retailer Sweaty Betty that resulted in the breach of customers details.
Sweaty Betty Suffered Magecart Attack
Reportedly, the UK-based activewear retailer Sweaty Betty has fallen prey to a cyber attack. Sweaty Betty disclosed that their e-store suffered a Magecart attack. Consequently, the site exposed customers’ information including payment card details to the attackers.
As revealed through their emails sent to customers, the e-commerce site remained under attack for about a week. Specifically, the malicious data-stealing code existed on the website’s checkout page from November 19, 2019, to November 27, 2019.
During this period, the attackers managed to pilfer data from customers registering new payment cards on the site. This is something in line with Magecart codes that work on newly registered details. Thus, the customers who had already saved their card details on the site, or those using some other payment method remained safe during the attack.
The breached details include customers’ names, account passwords, email addresses, billing and shipping addresses, phone numbers, payment card numbers with CVV numbers and expiry dates.
Security Measures From The Retailer
After the incident, Sweaty Betty sent email notices to the victims alerting them of the breach.
However, they didn’t upload any such information on their site. Thus, making it difficult for users to verify the authenticity of the emails and their contents.
Eventually, the news surfaced online after the customers took to twitter while sharing the emails they received apparently from the firm.
@sweatybetty Is this genuine? This is my first and last time using this shop if it is. The least I expect is for my data to be safe. pic.twitter.com/IYKKThzEUc
— Liz T (@Elizabe05203242) December 3, 2019
Have retailer @sweatybetty been hit by a cyber attack / breach?
Some customers have received the below email purporting to be from them. The retailer have been contacted but have refused to confirm or deny… pic.twitter.com/SSL7euWaAV
— Danzac Consulting (@DanzacCyber) December 3, 2019
I absolutely love @sweatybetty but I’m truly devastated to have been caught up in their data breach last week and am now seriously worried about who may have access to my bank card and personal data. Nice one ??
— Laura ? (@lbeldreams) December 3, 2019
While their site is already up and running, as usual, it seems the most affected are customers who have registered recently with the site. Therefore, users should stay alert with regard to suspicios bank transactions, particularly, those who have registered their cards on the website during the period affected by the breach.
Recently, Magecart also attacked the popular fashion store Macy’s where the attack also lasted for about a week.
Let us know your thoughts in the comments.