[BreachExchange] Magecart Mayhem Continues in OXO Breach

Destry Winant destry at riskbasedsecurity.com
Wed Jan 9 23:45:14 EST 2019


https://www.darkreading.com/attacks-breaches/magecart-mayhem-continues-in-oxo-breach/d/d-id/1333614

The home goods company confirmed users' data may have been compromised
during multiple time frames over a two-year period.

OXO International, a US-based manufacturer of kitchen utensils and
home goods, reported a data breach spanning two years that experts say
appears to be a Magecart attack.

The company is notifying customers of a data security incident
"involving sophisticated criminal activity" that may have compromised
their personal data. It believes unauthorized code may have granted
adversaries access to names, billing and shipping addresses, and
credit card info.

In December 2018, OXO worked with forensic investigators to confirm
that personal data entered on its website may have been
exposed. It claims the windows of compromise include June 9, 2017,
through November 28, 2017; June 8-9, 2018; and July 20, 2018, through
October 16, 2018. Upon discovering the intruders' code, OXO worked
with security consultants to investigate the incident and determine
the next steps to prevent similar types of attacks in the future,
officials report in a letter.

Additional evidence and further analysis identified past website
vulnerabilities. OXO investigated the malicious code, removed it,
conducted system scans, and reissued access credentials. It is also
providing identity monitoring to customers for one year via Kroll.
Qualifying members are being sent an ID by OXO they can use to access
the free service.

A closer look at the breach by BleepingComputer shows this is likely a
Magecart attack. Magecart, an umbrella term for at least seven
cybercriminal groups, has been gaining notoriety for stealing
financial data by installing digital credit card skimmers onto
e-commerce sites. Attackers inject code into a target site's
checkout page to lift data that customers enter. As the report
explains, at least one of the OXO breaches was a Magecart attack to
steal information.

Magecart's victims have expanded from consumers to globally known
brands, including Ticketmaster, British Airways, and Newegg.

