Rooster Tooth Falls Victim to Data Breach, Exposes Customer Payment Information

Austin-headquartered entertainment company Rooster Tooth has become the latest company to fall victim to a data breach, following an attack that hit its online store to steal credit card and other payment information of its shoppers.

According to a report from Bleeping Computer, the production company first discovered the security incident on December 2, hours after a malicious script was injected in the company online store. The code was reported to have impacted the company’s site and was designed to redirect shoppers to a fake payment page that is under the control of the hackers.

“On December 2, 2019, Rooster Teeth discovered that malicious code had been added to the Site earlier the same day,” the company disclosed in a data breach notification. “The malicious code directed users entering a checkout on the Site to a spoofed webpage where they were asked to enter payment card details in order to complete their purchases.  This was inserted after the stage at which users entered their shipping data.  Users who completed the payment card details page were then directed to the real webpage, where they were asked to complete the forms again.”

Rooster Tooth Data Breach

ADVERTISEMENT

Among the information stolen from customers include their name, email address, telephone number, physical address, and/or payment card information that was submitted on the checkout.

In response to the discovery of the malicious script, Rooster Tooth clarified it was quick to remove the code from its system on the same date of the discovery. The production company also said it had immediately notified customers that are affected by the breach by sending data breach notifications and even offering them a 1-year free Experian IdentityWorks subscription.

Bleeping Computer, however, clarified that the attack that had impacted the online store of the company wasn’t a type of Magecart attack, a popular form of data skimming, which breach sites directly or via supply chain attacks to steal the credit card information of customers.

“Yonathan Klijnsma of RiskIQ told BleepingComputer that Rooster Teeth was affected by an attack similar to ones that were recently disclosed in the researcher’s Full(z) House: a digital crime group report,” the news site reported.

“In the attack described in Full(z) House and Rooster Teeth’s data breach notification a malicious script was combined with a phishing page under the attacker’s control to steal the payment information.”

ADVERTISEMENT

Founded in 2003, Rooster Tooth is an entertainment company that operates as a unit of Warner Media. Among its most popular shows and documentaries include RWBY, gen:LOCK, RTAA, Death Battle, and Red vs Blue.

ADVERTISEMENT