1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Major e-cigarette store hacked to steal credit card details

    From TechnologyDaily@1337:1/100 to All on Mon Feb 21 22:45:04 2022
    Major e-cigarette store hacked to steal credit card details

    Date:
    Mon, 21 Feb 2022 22:30:43 +0000

    Description:
    Once disclosed, Element Vape moved to remove the malicious code from its website.

    FULL STORY ======================================================================

    Element Vape, a popular online retailer selling e-cigarettes and accompanying accessories, has had its website compromised and loaded with the popular credit card skimmer, MageCart.

    The news was revealed by BleepingComputer , whose analysts investigated the websites code, and found the skimmer on the checkout page. The skimmer was stealing information such as email addresses, credit card numbers and expiration dates, phone numbers, billing addresses, and street and ZIP codes.

    As soon as the existence of the skimmer was confirmed, the publication notified Element Vape, which reacted promptly, eliminating the malicious code from its website on the same day. Recent attack

    How the code ended up on the webpage in the first place remains a mystery,
    and it's hard to tell if any of the company's endpoints were infected with malware.

    The name of the threat actor is also unknown. The publication says the data stolen gets exfiltrated to an obfuscated, hardcoded Telegram address.

    What the investigation did discover is that the attack is most likely of a newer date, as the code wasnt present on the site in early February this
    year. Read more

    MageCart attacks return to target hundreds of outdated ecommerce sites


    Retailers using WooCommerce are the next target for Magecart card skimmer
    attacks


    Magecart attacks hit thousands of UK SMBs ahead of Black Friday

    Element Vape has been attacked before, BleepingComputer says. Back in 2018,
    it notified its customers of potentially leaking personally identifiable information (PII) to unknown threat actors.

    The consumers filed a lawsuit, claiming the company did not notify affected individuals on time, and did not do all it could to prevent the incident from happening in the first place. The lawsuit was followed by a class-action one in 2019, demanding a trial by jury.

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window <<

    While the communitys response to Element Vape seems to be mostly positive, across social media, there are a few potential red flags, BleepingComputer hints. For example, in some U.S. states, its known as TheSY LLC, and has a Twitter userbase of 13,000. However, its tweets are protected, which is not what youre used to seeing from a company.

    Element Vape is yet to comment on the findings. Customers interacting with
    the company are advised to keep both eyes on their credit cards, for suspicious transactions. You should also check out our list of the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/major-e-cigarette-store-hacked-to-steal-credit- card-details/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)