Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Warner Music Group online stores hit by look-like Magecart attack

Warner Music Group (WMG) disclosed a data breach affecting US-based e-commerce stores, the compromise appears to be a Magecart attack. Warner Music Group (WMG) is a major music company with interests in recorded music, music publishing and artist services. The company has disclosed a data breach that impacted customers’ personal and financial information, the incident […]

Warner Music Group

Warner Music Group (WMG) disclosed a data breach affecting US-based e-commerce stores, the compromise appears to be a Magecart attack.

Warner Music Group (WMG) is a major music company with interests in recorded music, music publishing and artist services. The company has disclosed a data breach that impacted customers’ personal and financial information, the incident affected several US-based e-commerce stores.

The attack took place in April 2020 and according to the experts it looks like a Magecart attack.

“We are writing to let you know that a cybersecurity incident involving a number of e-commerce websites operated by Warner Music Group (“WMG”) through an external service provider may have allowed an unauthorized third party to acquire a copy of personal information you entered into those websites.” reads notice of data breach letter filed with the Office of the Attorney General in the state of California.

The attack impacted multiple e-commerce websites that Warner Music Group operates via a third-party service provider. The websites were compromised by hackers that were able to siphon personal information entered by the customers into the sites between April 25, 2020 and August 5, 2020.

“On August 5, 2020, we learned that an unauthorized third party had compromised a number of US-based e-commerce websites WMG operates but that are hosted and supported by an external service provider,” continues the data breach notification.

“This allowed the unauthorized third party to potentially acquire a copy of the personal information you entered into one or more of the affected website(s) between April 25, 2020 and August 5, 2020.”

Exposed data included the customers’ names, email addresses, telephone numbers, billing addresses, shipping addresses, and payment card details (card number, CVC/CVV, and expiration date).

A preliminary investigation conducted by Warner Music Group doesn’t exclude that the data has been exfiltrated by the hackers for this reason the company is recommending affected individuals to remain vigilant and report any anomalous activity to their bank accounts.

Warner Music Group added that payments through PayPal on the compromised websites were not affected.

“Upon discovering the incident we immediately launched a thorough forensic investigation with the assistance of leading outside cybersecurity experts and promptly took steps to address and correct the issue,” continues the note. “We also notified the relevant credit card providers as well as law enforcement, with whom we continue to cooperate.”

WMG is offering one year of free identity monitoring services through Kroll to the affected customers.

The company is still investigating the attack with the help of cybersecurity experts and announced that it is putting in place additional measures to prevent future incidents.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Warner Music Group)

[adrotate banner=”5″]

[adrotate banner=”13″]