A European sleeping mattress brand, Emma The Sleep Company, has confirmed that it suffered from a Magecart cyberattack that impacted its customers’ banking data from its official e-commerce website.
The affected customers of the mattress brand had been notified through email to inform them about their sensitive information being compromised to a cyberattack. The firm also detailed that the attack has targeted their website’s checkout process, where customers enter their financial data, which might be included in the compromise.
The mattress brand also confirmed that the hack transpired through their Magento e-commerce platform.
Based on a statement released by Emma The Sleep Company, the Magecart attack had impacted their clients from 12 different countries. The attack comprised a malicious code injected into their checkout pages that would skim the banking details of their customers who entered their details in the system.
The firm also added that they were taken aback by the attack since their e-commerce platform was updated with the newest security patches.
Magecart attacks are executed by threat actors via various skimming techniques, aiming to steal the financial details of customers in an e-commerce platform environment. The hackers will work their way into a targeted website, usually through third-party services, and inject malicious codes to embezzle all the sensitive data they need.
Further details shared by the mattress brand include confirming that its security measures had been evaded by the hackers using a highly developed process. The threat operators had also implemented technical processes to prevent security analysis that kept the firm from keeping track of the scripts being added to their website.
The firm is now processing the implementation of new CORS and CSP headers into its website to improve its capabilities in detecting similar attacks in the future. They have also immediately contacted relevant authorities to aid and probe the issue and removed the system’s threat to protect data security.
There are currently no reports about the compromised customer data being abused, but the mattress brand emphasized that customers must monitor their accounts in case of unusual transaction activities and immediately report it to authorities.