Major e-cigarette store hacked to steal credit card details

By Scott Marlette Last updated Feb 22, 2022

Element Vape, a popular online retailer selling e-cigarettes and accompanying accessories, has had its website compromised and loaded with the popular credit card skimmer, MageCart.

The news was revealed by BleepingComputer, whose analysts investigated the website’s code, and found the skimmer on the checkout page. The skimmer was stealing information such as email addresses, credit card numbers and expiration dates, phone numbers, billing addresses, and street and ZIP codes.

As soon as the existence of the skimmer was confirmed, the publication notified Element Vape, which reacted promptly, eliminating the malicious code from its website on the same day.

Recent attack

How the code ended up on the webpage in the first place remains a mystery, and it’s hard to tell if any of the company’s endpoints were infected with malware.

The name of the threat actor is also unknown. The publication says the data stolen gets exfiltrated to an obfuscated, hardcoded Telegram address.

What the investigation did discover is that the attack is most likely of a newer date, as the code wasn’t present on the site in early February this year.

Element Vape has been attacked before, BleepingComputer says. Back in 2018, it notified its customers of potentially leaking personally identifiable information (PII) to unknown threat actors.

The consumers filed a lawsuit, claiming the company did not notify affected individuals on time, and did not do all it could to prevent the incident from happening in the first place. The lawsuit was followed by a class-action one in 2019, demanding a trial by jury.

While the community’s response to Element Vape seems to be mostly positive, across social media, there are a few potential red flags, BleepingComputer hints. For example, in some U.S. states, it’s known as TheSY LLC, and has a Twitter userbase of 13,000. However, its tweets are protected, which is not what you’re used to seeing from a company.

Element Vape is yet to comment on the findings. Customers interacting with the company are advised to keep both eyes on their credit cards, for suspicious transactions.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.