Sweaty Betty suffers loss of customer records to formjacking attack


Popular British fashion store Sweaty Betty suffered a breach of customer records after hackers injected malicious code into the store’s website and exfiltrated customers’ details from the checkout page.

In yet another formjacking attack targeting the website of a popular e-commerce firm, Magecart hackers recently injected malicious code into the website of British fashion retailer Sweaty Betty to steal payment card details and other sensitive information of customers from the checkout page.

The breach was disclosed by the fashion retailer in an email to affected customers in which the firm said that unknown hackers had injected malicious code into its website in order “to capture information entered during the checkout process”.

It added that the hackers behind the operation used the malicious code to steal customer information such as names, billing addresses, delivery addresses, email addresses, telephone numbers, passwords, payment card numbers, CVV numbers, and expiry dates.

Hackers stole personal & financial information of customers from Sweaty Betty checkout page

The breach did not affect customers who made purchases on Sweaty Betty’s website between 19 November and 27 November using saved payment cards, but it did affect those who typed their payment card details into the website’s checkout page during that period.

“We can confirm that Sweaty Betty has launched a comprehensive investigation following a highly-sophisticated cyber security incident on our website platform. We worked quickly to engage specialist technical security consultants to assist us with our investigations and we can confirm the issue has now been resolved and apologise for any inconvenience.

“We have taken all the necessary steps to inform those who may have been affected and the Information Commissioner’s Office (ICO) has been notified. We take data security extremely seriously and the privacy of our customers remains our highest priority. Importantly, this issue has been resolved, and it is safe to shop at Sweaty Betty – whether online, by phone, or in stores,” the e-commerce firm said in a statement shared with media agencies.

The cyber attack targeting Sweaty Betty is quite similar to the attack carried out by hackers against French online fashion store Sixth June to steal customers’ payment card details from the website’s checkout page.

The cyber attack targeting Sixth June’s website was discovered by a security researcher from RapidSpike, who noted that the code was inserted into the fashion retailer’s website sometime before October 23 and continued to skim payment card details from the checkout page, as Sixth June had taken no action even after being informed about the threat.

His analysis also revealed that the skimming code captured additional details from the checkout page such as usernames and passwords, email addresses, address details, and phone numbers, thereby allowing a hacker to gain access to customer accounts and make certain modifications.

Formjacking attacks target 5,500 online stores each month

“Reports vary but an estimated 5,500 online stores get formjacked each month. That’s because formjacking is relatively easy to implement, hard to detect and provides a very lucrative revenue stream for the perpetrators,” RapidSpike noted.

“In simple terms, all it takes is for the hacker to insert malicious JavaScript code into the ecommerce site. That JavaScript code captures any payment data that customers type into those fields and sends it to an external destination or host – all done in stealth, without disrupting the customers’ shopping experience.

“The data that’s skimmed or stolen is then sold on the dark web. Figures vary but the data formjacked from the British Airways site has been reportedly sold for as much as $50 per record ($50 x 380,000 = $19,000,000),” the firm added.
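A defender-side check for the injected-script pattern RapidSpike describes, added here as an example and not taken from the article or from any retailer's code: it lists the scripts on a saved checkout page and flags sources outside an allowlist, third-party scripts without Subresource Integrity, and inline scripts that differ from a known-good baseline. The host names, `ALLOWED_HOSTS`, `audit_checkout` and the sample page are assumptions made for the illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

FIRST_PARTY = "shop.example"  # assumed policy; every host name is a placeholder
ALLOWED_HOSTS = {FIRST_PARTY, "js.payments.example"}

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.external.append((a["src"], bool(a.get("integrity"))))
            else:
                self._buf = []  # inline script: start capturing its body

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf).strip())
            self._buf = None

def audit_checkout(html, known_inline_hashes):
    """Return (kind, detail) findings for one snapshot of the checkout page."""
    p = ScriptCollector()
    p.feed(html)
    findings = []
    for src, has_sri in p.external:
        u = urlparse(src, scheme="https")
        # Relative URLs belong to the shop; data:/blob: URLs have no host.
        host = u.hostname or (FIRST_PARTY if u.scheme == "https" else None)
        if host not in ALLOWED_HOSTS:
            findings.append(("unlisted-host", src))
        elif host != FIRST_PARTY and not has_sri:
            findings.append(("missing-sri", src))
    for body in p.inline:
        digest = hashlib.sha256(body.encode()).hexdigest()
        if digest not in known_inline_hashes:
            findings.append(("changed-inline", digest))
    return findings

# Constructed sample snapshot: one script comes from a host not on the list.
SAMPLE = '<script src="https://cdn.unknown.example/a.js"></script><script>initCheckout();</script>'
```

Run against periodic snapshots of the live checkout page, a non-empty result is a prompt to review what changed, not proof of compromise.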


