Fitness Depot Breach – Comments

By ISBuzz Team
Writer, Information Security Buzz | Jun 09, 2020 03:50 am PST

Fitness Depot, the largest specialty exercise equipment retailer in Canada with 40 stores nationwide, has notified customers in a breach notification letter that their personal and financial information was stolen following a breach of its e-commerce platform, in what appears to be a Magecart attack.

1 Expert Comment
Ameet Naik, Security Evangelist
June 9, 2020 11:51 am

The attackers in this case redirected users to a fake checkout page that was completely controlled by the malicious party. This is a common technique seen in Magecart attacks where the attackers are able to completely bypass all security controls present on the legitimate website, such as CSP or iframes.

Businesses need to ensure they adequately protect their web infrastructure and don’t rely on their ISP for this. Consumers shopping online need to be on the alert for errors during the checkout process, which could indicate a compromise.
