Tupperware hasn’t yet put a lid on a targeted cyberattack that uses a credit card skimmer to collect customer payment information at checkout on the tupperware[.]com site and some of its local sites.

The threat actors hid “malicious code within an image file that activates a fraudulent payment form during the checkout process,” according to researchers at Malwarebytes who discovered the compromise March 20. “This form collects customer payment data via a digital credit card skimmer and passes it on to the cybercriminals with Tupperware shoppers none-the-wiser.”

The Tupperware party long ago moved to the internet – with more than one million people visiting the company’s website monthly. And as COVID-19 virus drives more people online to shop, the researchers wrote in a Wednesday blog post that “there is little doubt that a larger number of transactions will be impacted by credit card skimmers,” one of the top web threats they monitor.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.