Security News

People who made purchases from the official Tupperware website over the past couple of weeks may have had their payment card information stolen, cybersecurity firm Malwarebytes warned on Wednesday. The credit card skimmer was planted on the main website and some of its localized versions, Malwarebytes said.

Infosec firm Malwarebytes, which made the discovery, has gone public with its findings today after alleging Tupperware ignored attempts to alert it and to get the malware removed from its payment processing pages. "On March 20, Malwarebytes identified a targeted cyberattack against household brand Tupperware and its associated websites that is still active today. We attempted to alert Tupperware immediately after our discovery, but none of our calls or emails were answered," said Malwarebyes in a statement.

Online guitar tutoring website TrueFire has apparently suffered a 'Magecart' style data breach incident that may have potentially led to the exposure of its customers' personal information and payment card information. TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and 40,000 video lessons.

Online guitar tutoring website TrueFire has apparently suffered a 'Magecart' style data breach incident that may have potentially led to the exposure of its customers' personal information and payment card information. TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and 40,000 video lessons.

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards.

Convenience store giant Wawa Inc. said Tuesday it is responding to reports that hacked information from its customers' credit cards may be being sold on the dark web. The company said in a news release that customers who may be affected can obtain free credit monitoring and identity theft protection.

Aleksai Burkov, a Russian cybercriminal responsible for over $20m in credit card fraud, pleaded guilty last week for access device fraud, identity theft, computer intrusion, wire fraud, and money laundering, after being indicted four years ago for operating a carding website called Cardplanet. This website, which ran from 2009 until 2013, served as a forum for cybercriminals to buy and sell credit card details stolen from victims.

The Indonesian National Police in a joint press conference with Interpol and cybersecurity firm Group-IB earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Group-IB helped Interpol identifying the suspects with its digital forensics expertise and "During the special operation, Indonesian Cyber Police seized laptops, mobile phones of various brands, CPU units, IDs, BCA Token, and ATM cards."

Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. The first website Burkov operated was an online marketplace for buying and selling stolen credit card and debit card numbers-called Cardplanet-which roughly hosted 150,000 payment card details between the years 2009 and 2013.

That's pretty slow for thieves' bots & scripts to grab it and test it, said a researcher who posted his card online.