[BreachExchange] UK Activewear Retailer Sweaty Betty Falls Prey To Magecart Attack

Destry Winant destry at riskbasedsecurity.com
Fri Dec 6 09:45:20 EST 2019


The Magecart attackers seem very active these days. Carrying on with
their malicious campaign, they have once again preyed on an eCommerce
website. This time, the victim appears to be the UK retailer Sweaty
Betty that resulted in the breach of customers details.

Sweaty Betty Suffered Magecart Attack

 Reportedly, the UK-based activewear retailer Sweaty Betty has fallen
prey to a cyber attack. Sweaty Betty disclosed that their e-store
suffered a Magecart attack. Consequently, the site exposed customers’
information including payment card details to the attackers.

As revealed through their emails sent to customers, the e-commerce
site remained under attack for about a week. Specifically, the
malicious data-stealing code existed on the website’s checkout page
from November 19, 2019, to November 27, 2019.

During this period, the attackers managed to pilfer data from
customers registering new payment cards on the site. This is something
in line with Magecart codes that work on newly registered details.
Thus, the customers who had already saved their card details on the
site, or those using some other payment method remained safe during
the attack.

The breached details include customers’ names, account passwords,
email addresses, billing and shipping addresses, phone numbers,
payment card numbers with CVV numbers and expiry dates.

Security Measures From The Retailer

 After the incident, Sweaty Betty sent email notices to the victims
alerting them of the breach. However, they didn’t upload any such
information on their site. Thus, making it difficult for users to
verify the authenticity of the emails and their contents. Eventually,
the news surfaced online after the customers took to twitter while
sharing the emails they received apparently from the firm.

While their site is already up and running, as usual, it seems the
most affected are customers who have registered recently with the
site. Therefore, users should stay alert with regard to suspicious
bank transactions, particularly, those who have registered their cards
on the website during the period affected by the breach.

Recently, Magecart also attacked the popular fashion store Macy’s
where the attack also lasted for about a week.

More information about the BreachExchange mailing list