iOttie, a prominent car mount and mobile accessory manufacturer, has issued a data breach notification revealing that its online store was compromised for nearly two months, allowing cybercriminals to steal credit cards and personal information from online shoppers. The breach occurred between April 12, 2023, and June 2, 2023, during which malicious scripts were injected into the site.
iOttie believes criminal e-skimming took place during this period, emphasizing that the malicious code was removed on June 2, 2023, during a WordPress/plugin update. While the company did not disclose the number of affected customers, it warned that names, personal information, and payment details, including financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs, could have been stolen.
The attack follows the MageCart technique, where threat actors compromise online stores to inject malicious JavaScript into checkout pages. This script captures credit card information submitted by shoppers, sending it to the attackers for potential use in financial fraud, identity theft, or sale on dark web marketplaces. iOttie customers who made purchases between April 12th and June 2nd have been advised to monitor their credit card statements and bank accounts for any signs of fraudulent activity.
While the exact method of the breach was not disclosed, iOttie’s online store operates on WordPress with the WooCommerce merchant plugin, a platform frequently targeted by threat actors. Vulnerabilities in WordPress plugins, often leading to complete site takeovers or code injections, have been exploited by hackers, highlighting the importance of regular security updates and monitoring for online platforms.
