Industry Leader Comments On Truefire Hacked, Credit cards And Personal Info May Have Been Compromised

It has been reported that Tuition website TrueFire has informed users that an “unauthorised person” had access to the company’s computer system, and specifically to unencrypted information that was entered into its website, for a period of over five months. TrueFire, which boasts over 1 million users worldwide, explained that even though it does not store personal information itself, the ‘unauthorised user’ had potentially been able to harvest sensitive customer information as it was being entered into the site.

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Martin Jartelius
Martin Jartelius , CSO
InfoSec Expert
March 18, 2020 1:14 pm

The symptoms described sound just like a normal Magecart attack, or at least based on the same setup. If the company have been leaking credit card details they do themselves need to implement a payment flow, and the sites should have been tested for PCI compliance, so it will be interesting to see where this goes if the issue has been present for a substantial amount of time.

Last edited 2 years ago by Martin Jartelius
Boris Cipot
Boris Cipot , Senior Sales Engineer
InfoSec Expert
March 18, 2020 1:12 pm

As always, it is unfortunate to hear when a website has been breached and user data has been compromised. As there is no saying what will happen with the accessed data or what has already happened, I would urge every user to call their bank/ credit card company and find out what the next steps should be going forward. One appropriate action might be the cancellation and replacement of the credit card with a new one.

Furthermore, I would recommend that users change their passwords. Changing passwords every now and then not only serves as a good precaution, but also a good habit to have. However, it is important that users do not solely change their password on the breached site. Rather, instead of using the same password across several accounts as people tend to do, make sure to use a different password for each site.

As there are many services that use your name, address and a credit card number as proof of identification, be on the lookout for attempts at identity theft. Talk to your bank/credit card company to see if they can give you a list of all the occasions when attempts were made to use your credit card. As previously mentioned, credit cards are not only used for payments. As such, it would also be ideal to change any pins or online passwords that are connected to the card in order to prevent further damage.

Last edited 2 years ago by Boris Cipot
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x