New reports indicate that Magecart hackers made their return, with multiple break-ins into the NutriBullet website.
A recent report by security researchers at RiskIQ revealed that popular blender maker NutriBullet was recently targeted by hackers. NutriBullet’s website reportedly suffered several attacks over the course of the last two months. [TechCrunch]
During the attacks, hackers managed to infect the site with credit-card-stealing malware, which researchers found on the site’s payment pages. The malware stole data such as credit card numbers, expiry dates, card verification values, users’ names, billing addresses, and the like.
All of the stolen data was scraped and sent to a hacker-owned server, only to be sold to buyers on various dark web marketplaces.
NutriBullet is also known to have fought back each time it was attacked, each time removing the malicious code that the hackers had injected. However, the hackers kept their access to the firm’s infrastructure, which allowed them to infect the site yet again as recently as last week.
Yonathan Klijnsma, head of research at RiskIQ, recommended that the company’s customers not use the website until the firm has had the chance to perform a complete cleanup. Meanwhile, Peter Huh, who serves as NutriBullet’s chief information officer, confirmed that the company’s defenses were breached once again.
He said that the firm has launched forensic investigations into the breach and that it is working with online security specialists to keep further attacks from succeeding. However, Huh did not reveal which firm is assisting NutriBullet.
The group behind the attack is believed to be Magecart, which is actually a collection of hacker groups rather than a single group. As far as is known, each of these groups has its own end-game, but they all mostly use the same approach when performing an attack. So far, there are eight known groups that are focused on stealing credit card data.
Magecart hackers were also known to attack numerous other businesses in the past, including the American Cancer Society, Ticketmaster, Newegg, and British Airways.