As reported by TechCrunch, Magecart hackers have struck again, this time targeting the NutriBullet website. Hackers broke into the blender maker’s website several times over the past two months, injected malicious credit card-skimming malware on its payment pages and siphoned off the credit card numbers and other personal data — like names, billing addresses, expiry dates and card verification values — of unsuspecting blender buyers.
At a time like this, many companies may take their eye off the ball, but these threat actors are persistent and will exploit anywhere they can. The automated nature of these attacks suggests that the code used in the website was not properly secured as the attackers were able to automatically spot which sites had vulnerabilities. This highlights the need for web developers, especially ones dealing with inputs of sensitive information like credit cards, to keep updated for any discovered vulnerabilities to reduce exposure. The likes of Ticketmaster and British Airways have been struck in the past like this so these attackers are aiming big.