iOttie reports data breach and theft of credit cards through e-commerce site
Learn More
iOttie, a company specializing in the production of mobile device car mounts, chargers, and accessories, has issued a warning regarding a significant security breach on its website.
The breach occurred over a period of nearly two months, during which online shoppers' credit card details and personal information were stolen.
On June 13th, iOttie discovered that their online store had been compromised between April 12th, 2023, and June 2nd, 2023, as a result of malicious scripts being injected into the website. The company believes that criminal e-skimming took place during this period. The malicious code was removed on June 2nd, 2023, during a WordPress/plugin update. The iOttie site employs the WooCommerce merchant plugin.
Although iOttie has not disclosed the exact number of affected customers, they have reported the possible breached data:
- names,
- financial account numbers,
- credit and debit card numbers, s
- ecurity codes,
- access codes,
- passwords,
- PINs
The attack type is quite well known and is referred to as MageCart. In MageCart attacks, malicious actors exploit vulnerabilities in online stores to inject harmful JavaScript code into checkout pages. When a customer enters their credit card information during the checkout process, the injected script covertly captures the inputted data and transmits it to the attackers.
iOttie advises all customers who made purchases on their website between April 12th and June 2nd to closely monitor their credit card statements and bank accounts for any signs of fraudulent activity.
