Industry Leader Comments On Truefire Hacked, Credit cards And Personal Info May Have Been Compromised

It has been reported that Tuition website TrueFire has informed users that an “unauthorised person” had access to the company’s computer system, and specifically to unencrypted information that was entered into its website, for a period of over five months. TrueFire, which boasts over 1 million users worldwide, explained that even though it does not store personal information itself, the ‘unauthorised user’ had potentially been able to harvest sensitive customer information as it was being entered into the site.

Experts Comments

March 18, 2020
Martin Jartelius
CSO
Outpost24
The symptoms described sound just like a normal Magecart attack, or at least based on the same setup. If the company have been leaking credit card details they do themselves need to implement a payment flow, and the sites should have been tested for PCI compliance, so it will be interesting to see where this goes if the issue has been present for a substantial amount of time.
March 18, 2020
Boris Cipot
Senior Sales Engineer
Synopsys
As always, it is unfortunate to hear when a website has been breached and user data has been compromised. As there is no saying what will happen with the accessed data or what has already happened, I would urge every user to call their bank/ credit card company and find out what the next steps should be going forward. One appropriate action might be the cancellation and replacement of the credit card with a new one. Furthermore, I would recommend that users change their passwords. Changing.....Read More
As always, it is unfortunate to hear when a website has been breached and user data has been compromised. As there is no saying what will happen with the accessed data or what has already happened, I would urge every user to call their bank/ credit card company and find out what the next steps should be going forward. One appropriate action might be the cancellation and replacement of the credit card with a new one. Furthermore, I would recommend that users change their passwords. Changing passwords every now and then not only serves as a good precaution, but also a good habit to have. However, it is important that users do not solely change their password on the breached site. Rather, instead of using the same password across several accounts as people tend to do, make sure to use a different password for each site. As there are many services that use your name, address and a credit card number as proof of identification, be on the lookout for attempts at identity theft. Talk to your bank/credit card company to see if they can give you a list of all the occasions when attempts were made to use your credit card. As previously mentioned, credit cards are not only used for payments. As such, it would also be ideal to change any pins or online passwords that are connected to the card in order to prevent further damage.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts