[BreachExchange] Japanese beauty retailer Acro blames third-party hack for breach of 100k payment cards

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Fri Mar 4 15:17:52 EST 2022


https://portswigger.net/daily-swig/japanese-beauty-retailer-acro-blames-third-party-hack-for-breach-of-100k-payment-cards

A data breach disclosed by a Japanese e-commerce company has exposed the
details of more than 100,000 payment cards.

In a data breach notice (in Japanese), beauty products retailer Acro
revealed that customers of two of its four beauty product websites were
impacted as the result of exploitation of a vulnerability in a third-party
payment processing vendor.

The attack, it added, compromised data related to 89,295 payment cards used
to pay for goods on the Three Cosmetics domain and 103,935 cards used on
its Amplitude site.

Victims potentially include anyone who made purchases on either of the two
sites between May 21, 2020, and August 18, 2021.

The stolen data apparently included cardholder names, payment card numbers,
dates of expiry, and security codes.

Some usernames and passwords may also have been leaked, Acro said.

Timeline
A timeline of the Acro data breach and ensuing investigation begins with
suspicions being raised of a compromise on August 20, 2021, followed by all
four of the company’s sites being taken offline on August 21, 2021.

A third-party investigation began on August 24 and established certain
details about the leak on October 22.

The breach was subsequently reported to law enforcement and Japan’s
Personal Information Protection Commission.
The retailer said it started notifying affected customers by email from
February 24. Potential victims have been urged to monitor their financial
statements for suspicious activity and reset passwords on vulnerable online
accounts.

Acro apologized to customers about the breach and promised to bolster its
cybersecurity based on the investigation’s conclusions, including by
relaunching its websites and taking measures to prevent unauthorized logins.

It said it was also working with credit card companies to continuously
monitor transactions and prevent fraudulent use.