The website of Tupperware was breached by hackers and inserted malicious code on its website to collect payment card details from the users. The malicious code was in the Tupperware homepage for at least five days.
Tupperware is a US company famous for its plastic food container products. Malwarebytes, the US cyber-security firm first identified the malicious code on March 20 and they tried to contact the company which went unanswered.
The malicious code on the website works by mimicking the company’s official payment form. When a user tried to make a payment, the malicious code creates an iframe that floats over the page and shows a cloned payment form that imitates Tupperware’s original VISA CyberSource payment form.
The cloned form then collects the data entered by users, like first and last name, billing address, telephone number, credit card number, credit card expiry date, and credit card CVV code, and sends this information to a remote server.
Jérôme Segura, a malware researcher stated that the criminals designed their skimmer attack in such a way that the shoppers first enter their data into the rogue iframe and then immediately an error is shown, concealed as a session time-out.
The attackers can then reload the page with the legitimate payment form. Noe the victims will enter their information a second time, but by then, the data theft has already happened.
The malicious code called a web skimmer, or Magecart script also ran on Tupperware’s localized pages. But the malicious form is easy to find when the Tupperware site runs in a local language as the malicious form is displayed in English.
The Tupperware website is ranked in the Alexa Top 100,000 most popular sites on the internet and has around one million visitors per month on an average.
As of now the Tupperware has removed the malicious code from its servers.