BleepingComputer reports that major U.S. car mount and mobile device manufacturer iOttie had its online store impacted by a Magecart attack from April 12 to June 2, which may have compromised its customers' data.
Malicious JavaScript code injected by attackers to its checkout pages was only removed following an update of its WooCommerce merchant plugin on June 2, according to iOttie, which noted that threat actors may have stolen customers' names and other personal details, as well as their credit and debit card numbers, financial account numbers, access and security codes, passwords, and PINs.
Individuals whose data may have been impacted by the incident were urged to be vigilant of potential fraudulent activity in their bank accounts and credit card statements.
No details regarding the means of compromise were provided by iOttie but threat actors are believed to have leveraged a WordPress plugin vulnerability to breach the site. Such flaws have been increasingly exploited by attackers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news