Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Accessories giant Claire’s is the victim of a Magecart attack, credit card data exposed

Hackers breached the websites of the U.S. accessory giant Claire’s, and its subsidiary Icing, and gained access to customer’s credit card data. Threat actors have hacked the websites of the U.S. based jewelry and accessory giant Claire’s, and its subsidiary Icing, the security breach took place in April and attackers may have gained access to customer’s credit cards. Claire’s […]

magecart claire's

Hackers breached the websites of the U.S. accessory giant Claire’s, and its subsidiary Icing, and gained access to customer’s credit card data.

Threat actors have hacked the websites of the U.S. based jewelry and accessory giant Claire’s, and its subsidiary Icing, the security breach took place in April and attackers may have gained access to customer’s credit cards.

Claire’s is an American retailer of accessories, jewelry, and toys primarily aimed toward girls, tweens and teens, it has over 2,000 locations in North America and Europe, and 6,794 concession locations and 546 franchised stores in other regions.

Researchers from cybersecurity firm Sansec reported that the company’s website was the victim of a Magecart attack.

Hackers compromised the website injecting a malicious script in multiple sections to steal payment card data submitted by users while purchasing products from the site.

Threat actors attempted to benefits of the increase of the online purchases due to the lockdown in response to the COVID-19 pandemic.

Attackers created a domain named ‘claires-assets.com’ as part or the Magecart attack. The domain remained inactive since April, between April 25 and 30 the attackers compromised the official Claire’s website and injected a malicious script into the claires.com, and their subsidiary icing.com, websites.

“Claire’s, a fashion retailer, closed all of its 3000 brick & mortar stores worldwide on March 20th. The next day, the domain claires-assets.com was registered by an anonymous party:” reads the report published by Sansec.

“The malware was added to the (otherwise legitimate) app.min.js file. This file is hosted on Salesforce servers, so there is no “Supply Chain Attack” involved, and attackers have actually gained write access to the server running the store,”

This malicious script waits for a customer to check out and then attempts to steal their payment information by sending it as arguments to an image URL on https://claires-assets.com/, which belongs to the attackers.

The e-skimmer was added to the submit button of the checkout form. Upon clicking the button, the full “Demandware Checkout Form” is grabbed, serialized and base64 encoded. Stolen data are sent as arguments to a temporary image URL on https://claires-assets.com/, which is the website set up by the attackers.

Sansec researchers shared their findings with Claire’s IT staff that removed the software skimmer on Saturday.

Customers who made purchases on Claire’s website between April 25th and April 30th, should contact their credit card company and monitor statements for fraudulent purchases.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Claire’s, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]