A popular New York based manufacturer of homeware, office supplies and kitchen utensils has announced a data breach that is said to have occurred over a two-year period. The extent of the breach, in terms of how many people were affected, is not known, but payment information was involved and was possibly taken during the payment process.
OXO is advising all of their customers to check their bank accounts for any fraudulent activity, especially those who purchased from the site between June 9, 2017 – November 20, 2017, June 8, 2018 – June 9, 2018 and July 20, 2018 – October 16, 2018. They are offering a year’s worth of free credit monitoring for anyone affected by the attack.
A spokesperson from OXO said:
“OXO values your business and deeply regrets that this incident occurred. Upon discovering the unauthorized code, OXO immediately took actions to secure its site by working with recognised security consultants to conduct a thorough investigation of the incident and to determine additional measures designed to help prevent incidents of this kind in the future.”
It’s suspected that this is yet another Magecart attack, similar to those on Newegg, British Airways, Ticketmaster and other high-profile breaches which occurred throughout 2018. This form of data breach happens when attackers place unauthorised code on a site’s checkout page in order to steal the data a customer enters on that page. This data is then automatically sent to a remote server so that it can be collected by the attackers.
In an Archive.org snapshot from June 9th 2017, the source code of the checkout page shows that a JavaScript script was being loaded into the page from https://js-cloud.com/js/static.js.
It is still not clear how many sites are infected with Magecart’s script, however with the increased frequency of this hacking method being used over the past few years, it’s essential that organisations are aware of how to recognise and prevent such attacks. Making sure all web servers and the software running on them are up to date with the latest security patches is crucial, along with implementing Subresource Integrity (SRI), which lets the browser reject a script whose contents no longer match the hash the site owner published for it, so an altered script is blocked before it can take effect.
It’s expected that this type of data theft is set to continue into 2019 and according to Yonathan Klijnsma, a threat researcher from RiskIQ, the best “solution is to protect yourself from any kind of web attack.”
An effective way of avoiding this form of attack is to take any sensitive data associated with the organisation “out of scope”, meaning it never actually enters their networks or environment. This can be done using a third-party secure payment solutions provider, such as Key IVR, which ensures payments are processed safely and securely.
Take a look at our Payment Solutions or alternatively contact a member of our team on +44 (0) 1302 513 000 or email sales@keyivr.com