[BreachExchange] Malware-infected beauty shop hadn’t backed up data in 2 years

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jan 9 20:23:50 EST 2018


Not having a backup and recovery strategy has drastic business
implications, as an online vendor of makeup sponges from California found
out. Known online as ‘beautyblender,’ Rea.deeming Beauty, Inc. sent a
notification to California’s Office of the Attorney General informing the
department that their online shop had been infected with malware that stole
payment data at checkout.

Because the vendor hadn’t backed up data daily, they couldn’t determine who
had fallen victim and what the exact implications of the breach were,
writes BleepingComputer. As a result, the company is reaching out to all
its 3,673 customers residing in California, because they have no idea who
has been affected.

Beautyblender started a forensic investigation and informed its web host
after two customers reported fraudulent transactions made with credit cards
used on the website. The malware was detected by the web host in October
2017. Third-party investigators confirmed it in November, and reported that
the website was infected sometime in July. Hackers had unauthorized access
to customer names, addresses, phone numbers, emails and credit or debit
card information.

“The forensic investigator then began efforts to determine when the malware
was placed on the website,” Beautyblender says. “Unfortunately, due to the
lack of backups of the website that were available from the website hosting
company, beautyblender has been unable to confirm the date that the malware
was placed on the website.”

The company had last backed up its data in April 2015, leaving it extremely
vulnerable. Not only were its customers exposed to data theft and fraud,
but Beautyblender can’t rebuild the data, which consisted of years of
valuable information for its business. Failure to keep regular, multiple
backups is one of the most common mistakes companies make: in the event of
a natural disaster, system failure or cyberattack, the company could face
permanent data loss.

In the notification email sent to customers, Beautyblender confirms the
infected code has been removed from the website, but thorough monitoring of
credit card statements is still recommended.

“We have removed the infected code that led to the vulnerability and
implemented additional security measures to reduce the likelihood of a
similar incident from happening in the future,” reads the email signed by
Catherine Bailey, President and COO. “We are providing notice of this
incident to those who may have been impacted so that they can take steps to
prevent against possible fraud, should they feel it is necessary to do so.
We will also notify any required state regulators and the credit reporting
agencies about this incident.”

The company has not made a public statement.