SCUF Gaming website was infected by a web skimmer, which allowed the malicious individuals to steal the customer's credit card info.
- SCUF Gaming customers have been victims of a web skimming attack.
- The Maine attorney general’s office reported that a total of 32,645 people were affected.
SCUF Gaming website was infected by a web skimmer, which allowed the malicious individuals to steal the customer's credit card info.
SCUF Gaming customers were the victims of a web skimming attack (also known as e-Skimming, payment card skimmers or Magecart). Threat actors insert JavaScript-based scripts known as credit card skimmers (aka Magecart scripts, web skimmers or payment card skimmers ) into compromised online stores, allowing them to harvest and steal customers' payment and personal data.
The attackers later sell it to other hacking forums or use it in various financial or identity theft fraud schemes.
The SCUF Gaming’s attackers gained access to the company’s backend on February 3rd using login credentials stolen from a third-party vendor. On February 18th, SCUF’s payment processor alerted it to unusual credit card activity linked to its web store.
The payment skimmer was detected and eliminated one month later, on March 16th, following what the company calls "a rigorous investigation in partnership with third-party forensic specialists."
"Our investigation has determined that orders processed via PayPal were not compromised and that the incident was limited to payments or attempted payments via credit card between February 3rd and March 16th," says SCUF Gaming in a breach notification letter sent to affected individuals.
The exposed data was limited to cardholder name, email address, billing address, credit card number, expiration date, and CVV.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?