See More

Smith & Wesson Hacked: Attackers After Credit Card Data

2 mins
By
Updated by
Join our Trading Community on Telegram
The website of a gun manufacturing company, Smith & Wesson, was recently hacked when attackers injected it with a data retrieving code that was after credit card info.
According to recent data, anyone who recently purchased anything from the Smith & Wesson website — particularly around Black Friday — might be a victim of hackers. Security researchers recently discovered that the company’s site got infected by a malicious javascript code.

Stealing Credit Card Information

The purpose of the code is to steal user credit card information and forward it to attackers. Security experts believe that the code only appeared around November 27th. After that, the code remained active until yesterday, December 3rd. The code was noticed by a fraud detection firm known as Sanguine Security, which noticed the ‘payment card skimming’ attack. The company reported that attackers used a Javascript program that runs whenever a US-based browser accesses the Smith & Wesson site. Interestingly enough, the code doesn’t do much else, and it is mostly dormant until the user completes their browsing and moves on to make a purchase. In other words, the code only activates at the checkout, when it records the payment card data and sends it to the hacker.

Experts Found a Number of Similar Attacks

This is far from being the first attack of this kind. A similar incident happened only a month ago, at Macy’s. Once again, the attacker infected the company’s website with a code that focused on the checkout page. Meanwhile, Sanguine Security’s Willem de Groot confirmed that the same hackers that targeted Smith & Wesson also attempted to infect dozens of other sites. He also noted that attackers are using numerous tactics and vulnerabilities to access secured websites, such as the flaw in Magento e-commerce software. Smith & Wesson Another interesting detail is that hackers that hit Smith & Wesson used Sanguine Security’s name to pull off their attacks. The company’s name was used on two domains that were hosting the code — sanguinelab.net and sansec.us. Not only that, but hackers even used de Groot’s name to register the second of the two domains. What are your thoughts regarding the incident? Have you used Smith & Wesson’s website around Black Friday? Let us know what you think of the attacks in the comments section below.
Images are courtesy of Shutterstock, Twitter, Pixabay.

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Sponsored
Sponsored