Fitness Depot Breach – Comments

Canadian retailer Fitness Depot, the largest specialty exercise equipment retailer in Canada with 40 stores nationwide, has notified customers in a breach notification letter that their personal and financial information was stolen following a breach of its e-commerce platform. The incident appears to be a Magecart attack.

Expert Comments

June 09, 2020
Ameet Naik
Security Evangelist
PerimeterX
The attackers in this case redirected users to a fake checkout page that was completely controlled by the malicious party. This is a common technique seen in Magecart attacks where the attackers are able to completely bypass all security controls present on the legitimate website, such as CSP or iframes. Businesses need to ensure they adequately protect their web infrastructure and don’t rely on their ISP for this. Consumers shopping online need to be on the alert for errors during the checkout process, which could indicate a compromise.