Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers’ credit cards and personal information.
iOttie is a popular manufacturer of mobile device car mounts, chargers, and accessories.
In a new data breach notification issued yesterday, iOttie says they discovered on June 13th that its online store was compromised between April 12th, 2023, and June 2nd with malicious scripts.
“We believe criminal e-skimming occurred from April 12, 2023, through June 2, 2023. However, on June 2, 2023, during a WordPress/plugin update, the malicious code was removed,” warns the iOttie data breach notification.
“Nevertheless, they could have obtained your credit card information to purchase our client’s product online at www. iOttie.com.”
iOttie has not shared how many customers were impacted but said that names, personal information, and payment information could have been stolen, including financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs.
This type of attack is known as MageCart, which is when threat actors hack online stores to inject malicious JavaScript into checkout pages. When a shopper submits their credit card information, the script steals the inputted data and sends it to the threat actors.
This data is then used to conduct financial fraud, identity theft, or sold to other threat actors on dark web marketplaces.
Due to the detailed information potentially exposed in this attack, all iOttie customers who purchased a product between April 12th and June 2nd should monitor their credit card statements and bank accounts for fraudulent activity.
While iOttie has not shared how they were breached, their online store is a WordPress site with the WooCommerce merchant plugin.
WordPress is one of the most commonly targeted website platforms by threat actors, with vulnerabilities often found in plugins that allow complete takeovers of sites or malicious code injection into WordPress templates.
As iOttie disclosed that the malicious code was removed with a plugin update, the hackers likely breached the site using a vulnerability in one of its WordPress plugins.
Recently, threat actors have been exploiting vulnerabilities in various WordPress plugins, including cookie consent banners, Advanced Custom Fields, and Elementor Pro.