Customers of SCUF Gaming, a global innovator and creator of high-performance gaming controllers, are currently being informed that the company was the victim of a cyberattack that occurred this February.
According to BleepingComputer, SCUF Gaming’s website was hacked in order to install a malicious script used to steal customer financial data.
SCUF Gaming, which was founded in 2011, provides superior accessories and customized gaming controllers for consoles and PC that are used by both top professional video game players and casual gamers.
Magecart Attack
Customers of SCUF Gaming were the target of a web skimming attack, also known as e-Skimming, digital skimming, or Magecart.
In this type of attack, hackers inject JavaScript-based scripts known as credit card skimmers into vulnerable online shops, enabling them to collect and steal financial and confidential information from customers. Following the attack, the threat actors sell the stolen data on underground forums or use it for malicious purposes.
In the case of SCUF Gaming, the malicious script was installed on the manufacturer’s online store after the hackers managed to obtain access to the company’s backend using third-party vendor logins.
The attackers gained access on February 3rd, and SCUF’s payment processor notified the company of suspicious behavior related to the credit cards used on its web store on February 18th.
As stated by SCUF Gaming, following a thorough investigation in collaboration with third-party forensic specialists, the payment skimmer was discovered and eliminated on March 16th.
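Added example (not from the original article or from SCUF Gaming): because a skimmer of the kind described above arrives as a new or changed script on the store's pages, a scheduled audit of the checkout page's script inventory against an approved baseline can surface the change. The function name auditScripts, the baseline format, and the hosts shop.example, cdn.example and stats.invalid are assumptions made for illustration.

```javascript
// Added example: audit a checkout page's <script> inventory against a baseline.
const { createHash } = require('crypto');

const sha256 = (text) => createHash('sha256').update(text, 'utf8').digest('base64');

// baseline.origins: Set of approved script origins (assumed format).
// baseline.inlineHashes: Set of SHA-256 hashes of approved inline scripts.
function auditScripts(html, pageUrl, baseline) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const src = /(?:^|\s)src\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) {
      let origin;
      try { origin = new URL(src[1], pageUrl).origin; }
      catch { findings.push({ type: 'unparseable-src', detail: src[1] }); continue; }
      if (!baseline.origins.has(origin)) {
        findings.push({ type: 'unknown-origin', detail: origin });
      } else if (origin !== pageOrigin && !/\sintegrity\s*=/i.test(attrs)) {
        // Approved third-party host, but nothing pins the file's content.
        findings.push({ type: 'missing-sri', detail: src[1] });
      }
    } else if (body.trim() !== '') {
      const hash = sha256(body);
      if (!baseline.inlineHashes.has(hash)) findings.push({ type: 'unapproved-inline', detail: hash });
    }
  }
  return findings;
}

// Constructed sample data; every host and script below is a placeholder.
const PAGE_URL = 'https://shop.example/checkout';
const APPROVED_INLINE = 'window.cartId = "abc";';
const BASELINE = {
  origins: new Set(['https://shop.example', 'https://cdn.example']),
  inlineHashes: new Set([sha256(APPROVED_INLINE)]),
};
const SAMPLE_HTML = `
<script src="/js/checkout.js"></script>
<script src="https://cdn.example/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example/widget.js"></script>
<script>${APPROVED_INLINE}</script>
<script src="https://stats.invalid/c.js"></script>
<script>document.forms[0].addEventListener("submit", () => {});</script>`;
console.log(auditScripts(SAMPLE_HTML, PAGE_URL, BASELINE));
```

A page-level audit like this does not detect changes made inside an approved first-party file; covering that case requires file integrity monitoring on the server as well.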
The impacted customers received notifications stating:
“Our investigation has determined that orders processed via PayPal were not compromised and that the incident was limited to payments or attempted payments via credit card between February 3rd and March 16th.
“The potentially exposed data was limited to cardholder name, email address, billing address, credit card number, expiration date, and CVV.”
The notifications did not say how many customers were affected by the incident, but the company informed the Maine Attorney General’s Office that a total of 32,645 people were impacted.
As mentioned by BleepingComputer, the PC & console controllers manufacturer also sent emails to its clients in May to notify them that their credit card details may have been compromised as a result of a data breach. The company advises them to keep an eye on their bank accounts for any unusual activity.
“This communication does not mean that fraud did or will occur on your payment card account.
“You should monitor your account and notify your card provider of any unusual or suspicious activity. As a precaution, you may wish to request a new payment card number from your provider.”
At the moment, there are no further details on this incident. We will keep you updated.