NutriBullet LLC was targeted in numerous Magecart attacks during the past few months in which customer data was stolen at the point of sale.
The hacker group known as Magecart Group 8 managed to inject malicious credit card-skimming malware on the website of NutriBullet, the maker of a popular high-priced blender.
The criminals stole personal details of users like card numbers, names, billing addresses, expiry dates and card verification numbers.
The attacks which began on February 20, might be still continuing, even though the company says it removed the malicious code from the website.
The data obtained was shared to a hacker-operated server which could be then sold on the dark web. The researchers from the firm tried to contact the NutriBullet for over three weeks, but did not get a response.
According to the Head of research of RiskIQ, Yonathan Klijnsma, the users must not use or shop on NutriBullet’s website till the company fixes the vulnerabilities and acknowledges their outreach.
NutriBullet’s chief information officer Peter Huh admitted about some intrusion in the website and that they will be working with the cyber-forensic research team to investigate.
The hacking group is said to have hacked more than 200 websites using the same method.