Ethical Hacking News
Green Bay Packers' online store was compromised by an attacker who used sophisticated techniques to steal customers' personal and payment information. The breach serves as a reminder of the importance of prioritizing cybersecurity measures.
The Green Bay Packers' official online retail store was compromised in a cyberattack. A card skimmer script was injected into the checkout page to steal customers' personal and payment information. The attack occurred between late September and early October 2024; payments made with a gift card, Pro Shop website account, PayPal, or Amazon Pay could not be intercepted. Sophisticated techniques, including a JSONP callback and YouTube's oEmbed feature, were used to bypass security measures. The breach exposed sensitive customer information, including names, addresses, email addresses, and credit card data. The Packers have taken steps to improve cybersecurity, including hiring experts and requiring the vendor to remove the malicious code.
Online shopping has become increasingly sophisticated, with retailers and e-commerce platforms relying on complex systems to process transactions. A prominent recent example of such a system being compromised is the Green Bay Packers' official online retail store.
A report by Sergiu Gatlan, detailing the breach, reveals that on October 23, 2024, the Packers’ Director of Retail Operations, Chrysta Jorgensen, was alerted to the presence of malicious code inserted on the Pro Shop website. In response to this alert, the team promptly disabled all payment and checkout capabilities on the Pro Shop website, initiating an immediate investigation into the breach.
The investigation found that a threat actor had injected a card skimmer script into the online store's checkout page. This malicious code was designed to steal customers' personal and payment information. According to the Packers' investigation, the attack occurred between late September and early October 2024, and the attacker could not intercept information from payments made using a gift card, Pro Shop website account, PayPal, or Amazon Pay.
According to the report sent to potentially affected individuals by Chrysta Jorgensen, the malicious code combined sophisticated techniques, including a JSONP callback and YouTube's oEmbed feature, to bypass Content Security Policy (CSP). The script harvested data from input, select, and textarea fields on the site and exfiltrated it to an external server.
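A site owner can check their own policy for the weakness described above. The following is an added example, not code from the article or from the Pro Shop's vendor: it parses a CSP header and flags script sources on hosts that serve callback-wrapped (JSONP) responses. The host list and both sample policies are constructed for illustration; www.youtube.com is the host the article names.

```javascript
// Added example, not code from the article or the Packers' vendor.
// ASSUMPTION: constructed sample list; www.youtube.com is the host the article
// names. Inventory your own allowlisted hosts that serve callback-wrapped data.
const JSONP_CAPABLE_HOSTS = ['www.youtube.com'];

// Parse a policy into Map(directive -> sources); the first duplicate wins.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Host of a source expression: null for quoted keywords/nonces/hashes,
// '*' for bare schemes such as https: (they admit every host).
function hostOf(source) {
  if (source.startsWith("'")) return null;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return '*';
  return source.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '').split(/[/:]/)[0].toLowerCase();
}

function auditCsp(header) {
  const csp = parseCsp(header);
  const fallback = csp.get('default-src');
  const scriptSrc = csp.get('script-src') || fallback;
  if (!scriptSrc) return [{ code: 'NO_SCRIPT_POLICY', detail: 'scripts are unrestricted' }];
  const findings = [];
  const hasNonceOrHash = scriptSrc.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  // With a nonce or hash plus 'strict-dynamic', browsers ignore host entries.
  const strict = hasNonceOrHash && scriptSrc.includes("'strict-dynamic'");
  const hosts = strict ? [] : scriptSrc.map(hostOf).filter(Boolean);
  for (const host of hosts) {
    const jsonp = JSONP_CAPABLE_HOSTS.some(
      (h) => host === h || (host.startsWith('*.') && h.endsWith(host.slice(1))));
    if (host === '*') findings.push({ code: 'WILDCARD_SCRIPT_SOURCE', detail: host });
    else if (jsonp) findings.push({ code: 'JSONP_CAPABLE_HOST', detail: host });
  }
  if (hosts.length && !hasNonceOrHash) findings.push({ code: 'ALLOWLIST_ONLY', detail: 'no nonce or hash' });
  // A skimmer needs an outbound channel; connect-src falls back to default-src.
  if (!(csp.get('connect-src') || fallback)) findings.push({ code: 'UNRESTRICTED_CONNECT', detail: 'no connect-src' });
  return findings;
}

// Constructed sample policies: a host allowlist and a nonce-based strict policy.
const WEAK_CSP = "script-src 'self' https://www.youtube.com https://cdn.example";
const STRICT_CSP = "default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic'; connect-src 'self'";
console.log(auditCsp(WEAK_CSP).map((f) => f.code), auditCsp(STRICT_CSP).map((f) => f.code));
```

The first policy yields three findings and the second none: a nonce combined with 'strict-dynamic' makes the browser ignore host allowlist entries, so a trusted host that reflects a callback no longer widens the policy.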
The attack exposed sensitive customer information, including names, addresses (billing and shipping), email addresses, as well as credit card types, numbers, expiration dates, and verification numbers. Customers should watch their account statements closely and report any suspected identity theft or fraud attempts without delay.
In light of this incident, the Packers have taken measures to safeguard their Pro Shop website by hiring outside cybersecurity experts to investigate the breach's impact and identify any remaining vulnerabilities. Moreover, they have required the vendor that hosts and manages the Pro Shop website to remove the malicious code from the checkout page, refresh its passwords, and confirm there were no remaining vulnerabilities.
The incident also serves as a reminder of the ever-evolving nature of cyber threats and their ability to exploit even seemingly secure systems. It is crucial for individuals and organizations alike to prioritize cybersecurity and implement robust security measures to protect against such attacks.
In conclusion, this breach highlights the importance of vigilance in the digital age and underscores the need for continuous improvement in cybersecurity practices. As technology advances at a rapid pace, so too must our defenses against cyber threats.
Related Information:
https://www.bleepingcomputer.com/news/security/green-bay-packers-online-store-hacked-to-steal-credit-cards/
https://cybernews.com/news/green-bay-packers-shop-data-breach/
https://www.greenbaypressgazette.com/story/sports/nfl/packers/2023/12/21/packers-see-a-spike-in-online-retail-fraud-this-holiday-season-green-bay/71991323007/
Published: Tue Jan 7 10:51:45 2025 by llama3.2 3B Q4_K_M