Hackers Used an E-Skimmer on HannaAndersson.com to Collect Sensitive Data, and Now It's Sold Online

Hanna Andersson Data Breach

Sometimes, cybercriminals want to make their presence known. In a ransomware attack, for example, you learn that something's wrong as soon as your files become unusable, and your screen displays the ransom note. In other cases, however, the attacks are silent and remain unnoticed for months. Children clothes retailer HannaAndersson.com, for example, was first hit by an e-skimmer attack in mid-September 2019, but it wasn't until December 5 that the company learned about the problem after law enforcement agencies told it that some of its customers' credit card details were traded on the underground markets. As for the said customers, they had no idea about the incident until earlier this month when Hanna Andersson finally sent out the data breach notifications.

In this particular case, the hackers were more than happy to remain under the radar because stealth is a key factor in any e-skimming operation.

What is an e-skimmer?

Some cybersecurity terms are more descriptive than others, and we reckon that "e-skimming" is fairly easy to understand. We're pretty sure that most of you are familiar with the concept of physical schemers that steal people's banking card details at ATMs and POS terminals. E-skimmers work in a similar way on online shops.

Usually, e-skimmers consist of several lines of JavaScript code that are injected on a website's checkout page. This code scrapes all the payment information users enter and sends it to the crooks. The criminals are interested in the most sensitive data – the card number, the cardholder name, the expiration date, the CVV code, and, in the case of Hanna Andersson, the shipping and billing addresses. In a well-executed attack, the retailer and the customer remain none the wiser, which means that the campaign can resume for a prolonged period of time.

Over the last few years, the popularity of e-skimmers has exploded. These tools are used by numerous cybercriminals with different skillsets and levels of sophistication. Not that long ago, the word Magecart was coined, which is now used as a common term for the many different versions of an e-skimmer used by numerous hacking groups spread all around the world. Currently, most cybersecurity experts agree that Magecart is one of the most formidable threats we're faced with.

Was Hanna Andersson hit by Magecart?

Plenty of news outlets have jumped to the conclusion that Hanna Andersson is just the next in a long line of Magecart victims, but the truth is, the word "Magecart" is nowhere to be found in the retailer's official announcement. In fact, if the notification is anything to go by, the incident didn't actually happen at Hanna Andersson.

The message reads that the malware actually affected Salesforce Cloud – the CRM platform used by Hanna Andersson. Potentially, this is bad news because Salesforce is a large company with plenty of customers. If there really is a problem in Salesforce's systems, the number of affected individuals could be significant.

The CRM service provider hasn't publicly confirmed or denied getting infected with any sort of malware, but a Hanna Andersson spokesperson told CyberScoop that a Salesforce team is helping with the investigation. Cybersecurity experts and representatives of the FBI and the Department of Homeland Security have been dispatched to assist as well, and we hope that we'll soon have more information on what actually happened.

In the meantime, people who bought goods from Hanna Andersson's online shop between September 16 and November 11 (when the malware was deleted) should be especially careful with their bank statements. The data breach notification letter says that not all customers were affected, but just in case, everyone that made a purchase during the aforementioned period is offered a year of identity theft protection and credit monitoring services for free. Those eligible should bear in mind that the enrolment deadline is April 15.

As we mentioned already, this is hardly the first attack of this sort, and you can be pretty sure that it won't be the last. Quite a few major online retailers have been hit, and it's safe to say that no online shop, no matter how big and popular it is, is safe. This means that even if you haven't received Hanna Andersson's data breach alert, you should still regularly check your bank statements for any transactions that you might not recognize.

By Duran
January 24, 2020
News
English
January 24, 2020
News

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

Hackers Breach Mixcloud and Sell Users' Data Online

After they breach an online service or a website, hackers usually try to monetize the data they've stolen by selling it either on the dark web or on one of the many hacking forums that are indexed by Google and are... Read more

December 3, 2019
News

A New Data Breach Affects Multiple Online Casinos

In theory, the constant stream of news about leaked data should raise awareness not only among users but also among service providers who can take these incidents as valuable lessons and learn from other people's... Read more

January 22, 2019
News

Security Researchers Expose Sensitive Data via Malware Analysis Sandboxes

Security experts at the UK-based threat intelligence company Cyjax have studied data submitted to three of our favorite online malware analysis sandboxes and discovered that much of the publicly accessible information... Read more

September 17, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.