Data Breaches

Hackers collect payment details, user passwords from 4,600 sites

Hackers have breached the analytics service Picreel and the open-source project Alpaca Forms, modifying JavaScript files on the two companies' infrastructure to insert malicious code into more than 4,600 websites.

The attack is still under way and the malicious scripts are still live. Both hacks were discovered by Sanguine Security founder Willem de Groot and confirmed by several other security researchers.

Picreel is an analytics service that lets site owners record what users do and how they interact with a website, in order to analyze behavioral patterns and boost conversion rates. Picreel's customers embed a piece of JavaScript on their sites so that Picreel can collect this data. It is this script that the attackers compromised to add their malicious code.

Alpaca Forms is an open-source project for building web forms. It was originally developed by the enterprise CMS provider Cloud CMS and open-sourced eight years ago. Cloud CMS provides a free CDN (content delivery network) for the project, and it was this CDN that the hackers breached, modifying one of the Alpaca Forms scripts it served.

Cloud CMS CTO Michael Uzquiano stated that the hackers compromised only one Alpaca Forms JavaScript file on its CDN, and nothing else.

At present, the details of how the hackers breached Picreel or Cloud CMS's Alpaca Forms CDN are not known. The malicious code logs everything a user types into form fields and sends it to a server located in Panama. This includes data that users enter on checkout/payment pages, contact forms, and login sections.

The malicious code embedded in the Picreel script has been seen on 1,249 websites, while the Alpaca Forms one has been seen on 3,435 domains.

Cloud CMS has taken down the CDN that was serving the tainted Alpaca Forms script. The company has clarified that there was no security breach or security issue affecting Cloud CMS itself, its customers, or its products.

Attacks of this kind, known as supply-chain attacks, have become common over the past two years. Rather than going after high-profile websites directly, attackers now target the smaller businesses that supply "secondary code" to those sites and to thousands of others: providers of chat widgets, live support widgets, analytics services, and more.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
