UK retailer Sweaty Betty confirmed Tuesday it has been hit by the popular malware Magecart, putting their customers at risk of having their credit card or debit card details stolen by hackers.
In an email sent to their customers, the activewear retailer Sweaty Betty disclosed that attackers were able to access part of their website and have injected a “malicious code designed to capture information entered during the checkout process.” According to the notification, customers who have made their orders between November 19th, 2019, at 6:24 PM (GMT) and November 27th, 2019, at 2:52 PM (GMT) may have their payment information stolen.
“These investigations confirmed that a third party gained unauthorized access to part of our website and inserted malicious code designed to capture information entered during the checkout process. This affected customers attempting to place orders online or over the phone for limited intermitten (sic) periods of time from Tuesday 19 November at 6.24 pm (GMT to Wednesday 27 November 2019 at 2.52.pm (GMT),” the company said in the email.
According to the notification, the UK retailer has launched an investigation and has informed the U.K. Information Commissioner’s Office.
“With the holiday retail season in full swing, digital commerce companies can increasingly expect to be a target for account takeover and other e-skimming threats,” commented Robert Prigge, CEO of digital identity verification provider Jumio Corp., in an interview with SiliconANGLE. “Increasingly, criminals have everything they need to commit fraud thanks to the personal information stolen through this hack and other readily available data on the dark web. This highlights the pressing need for retailers – and any company with a digital presence – to adopt biometric authentication solutions to protect their legitimate users and online ecosystem by verifying that the person placing an online order is, in fact, the account owner.”
Magecart, the type of attack that had hit the website of Sweaty Betty, involves the use of malicious code to checkout pages designed to send the payment information provided by customers to a remote server that is under the control of the attacker.
The company, however, clarified that the incident doesn’t concern those who had used their existing credit cards or turned to alternative paying platforms, such as PayPal and ApplePay when they made their purchases on the given dates.
“Our investigation shows that the incident was limited to only those customers who entered new credit card details as part of the payment process,” the email added.