ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company’s e-commerce provider, BigCommerce.
ZAGG is a consumer electronics accessories maker known for its mobile accessories, such as screen protectors, phone cases, keyboards, and power banks. The Utah-based company has an annual revenue of $600 million.
According to the letter sent to impacted individuals, the attacker breached the FreshClicks app provided by BigCommerce and injected malicious code that stole shoppers’ card details.
“We learned that an unknown actor injected into the FreshClick app malicious code that was designed to scrape credit card data entered as part of the checkout process for certain ZAGG.com customer transactions between October 26, 2024 and November 7, 2024.” – ZAGG
BigCommerce is an Austin-based software-as-a-service (SaaS) e-commerce platform provider that serves a diverse range of businesses, from small enterprises to large corporations, across various industries and regions.
FreshClick is a third-party app that helps create applications and responsive websites for the BigCommerce platform. It is designed to enhance the functionality of electronic stores and improve customer experience.
Although FreshClick isn’t developed directly by BigCommerce, it is offered through the platform’s app marketplace, which is a curated space for merchants to find and install add-ons for their shops.
In a statement for BleepingComputer, BigCommerce emphasized that its systems were not breached or compromised. Using internal tools, BigCommerce discovered that the FreshClicks App had been hacked and uninstalled it from its customers’ stores.
“Using our internal tools and in communication with the partner, we verified the third-party FreshClicks App was compromised. Acting in the best interest of our customers and their shoppers, we immediately uninstalled the app in their stores, which removed any compromised APIs and malicious code” – BigCommerce
As a result of this data breach, the attacker stole names, addresses, and payment card data belonging to shoppers at zagg.com between October 26 and November 7, 2024.
In response to this incident, ZAGG implemented remediation measures, notified federal law enforcement and regulators, and arranged for impacted individuals to receive a free-of-charge, 12-month credit monitoring service through Experian.
Letter recipients were also advised to monitor financial account activity closely, place fraud alerts, and consider placing a credit freeze.
ZAGG has not disclosed yet how many customers were impacted by this security breach.
BigCommerce’s store currently lists six add-ons created by FreshClick, which collectively have 178 reviews. However, the compromised plugin may have been temporarily removed.
Source link