Fitness Depot Breach – Comments

In a breach notification letter, Fitness Depot, the largest specialty exercise equipment retailer in Canada with 40 stores nationwide, told its customers that their personal and financial information was stolen following a breach of its e-commerce platform. The incident appears to be a Magecart attack.

Ameet Naik, Security Evangelist
InfoSec Expert
June 9, 2020 11:51 am

The attackers in this case redirected users to a fake checkout page that was completely controlled by the malicious party. This is a common technique seen in Magecart attacks where the attackers are able to completely bypass all security controls present on the legitimate website, such as CSP or iframes.

Businesses need to ensure they adequately protect their web infrastructure and don’t rely on their ISP for this. Consumers shopping online need to be on the alert for errors during the checkout process, which could indicate a compromise.

Information Security Buzz