A pair of recent cyberattacks against kitchen product companies may bring forth visions of microwave ovens being set to expel X-rays or Wi-Fi enabled refrigerators being hacked and set to 100 degrees, but instead, in each case, the result was a data breach.
OXO International, a maker of kitchen utensils, and Discountmugs.com, which sells a variety of promotional materials including mugs, glassware and dinnerware, each reported attacks.OXO in its breach letter of notification to the California attorney general’s office said its e-commerce site was likely breached from June 9, 2017 to November 28, 2017, June 8, 2018 to June 9, 2018, and from July 20, 2018 to October 16, 2018. During these periods that attackers gained access to customer’s names, billing and shipping addresses and credit card information.
The malware retrieving the data was removed after it was discovered in December and the company has conducted an investigation, removed the malware and asked customers to change their login credentials.
Discountmugs.com said in its breach letter the company said anyone who used a credit card to make a purchase between August 5, 2018, and November 16, 2018 may have had their name, address, phone number, email address, payment card number and expiration date compromised.
Although neither victim named an attacker, these incidents are similar to the point-of-sale scraping attacks conducted by the cybergang Magecart over the last several months. The group’s other victims include British Airways, Newegg and Tickemaster.
OXO International, a maker of kitchen utensils, and Discountmugs.com, which sells a variety of promotional materials including mugs, glassware and dinnerware, each reported attacks.OXO in its breach letter of notification to the California attorney general’s office said its e-commerce site was likely breached from June 9, 2017 to November 28, 2017, June 8, 2018 to June 9, 2018, and from July 20, 2018 to October 16, 2018. During these periods that attackers gained access to customer’s names, billing and shipping addresses and credit card information.
The malware retrieving the data was removed after it was discovered in December and the company has conducted an investigation, removed the malware and asked customers to change their login credentials.
Discountmugs.com said in its breach letter the company said anyone who used a credit card to make a purchase between August 5, 2018, and November 16, 2018 may have had their name, address, phone number, email address, payment card number and expiration date compromised.
Although neither victim named an attacker, these incidents are similar to the point-of-sale scraping attacks conducted by the cybergang Magecart over the last several months. The group’s other victims include British Airways, Newegg and Tickemaster.
