Ethical Hacking News
Thousands of credit cards were stolen in a breach of the Green Bay Packers' online store, highlighting the growing threat of cyber attacks on e-commerce websites. The attack, which was carried out by a third-party vendor, utilized sophisticated techniques to bypass security measures and extract sensitive customer data.
The Green Bay Packers' official online store, packersproshop.com, was hacked in September 2024, resulting in the theft of thousands of credit card numbers. Over 8,500 customers were affected, with their personal and payment information compromised. A third-party vendor hosted and managed the Pro Shop website. The attack used a sophisticated method called JSONP exploitation to bypass security measures. The attackers extracted sensitive customer data, including names, addresses, email addresses, credit card types and numbers, and CVVs. The Packers took immediate action to contain the breach, disabling checkout and payment capabilities. Affected individuals were offered three years of identity theft restoration and credit monitoring services through Experian.
In a shocking turn of events, the Green Bay Packers have confirmed that their official online store, packersproshop.com, was hacked in September 2024, resulting in the theft of thousands of credit card numbers. According to documents filed with Maine's Attorney General, the breach affected over 8,500 customers, who had their personal and payment information compromised. The incident highlights the growing threat of cyber attacks on e-commerce websites and the importance of robust security measures.
The attack, which was reportedly carried out by a third-party vendor that hosted and managed the Pro Shop website, utilized a sophisticated method known as JSONP (JSON with Padding) exploitation. This technique allowed the attackers to bypass the Content Security Policy (CSP) of the website, injecting malicious code into the checkout page in order to harvest customer information.
Sansec, a Dutch e-commerce security company, was the first to detect the breach in early October 2024. In their December 31 report, they detailed how the attackers used YouTube's oEmbed feature and a JSONP callback to bypass the CSP. This allowed them to exfiltrate sensitive customer data, including names, addresses (billing and shipping), email addresses, credit card types and numbers, card expiration dates, and credit card verification numbers (CVVs).
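The CSP weakness described above can be checked for on the defender's side. The following is an added example, not code from Sansec, the Packers or this article: it audits a policy's script sources for allowlisted hosts that serve callback-style (JSONP) responses. The watchlist and both sample policies are constructed; only the YouTube host comes from the article.

```javascript
// Added example: flag script-src host allowlists that a JSONP-style callback
// endpoint on the allowlisted host can turn into script execution.
// JSONP_HOSTS is an assumed watchlist: youtube.com is named in the article,
// jsonp.example is a placeholder. Both sample policies are constructed.
const JSONP_HOSTS = ["youtube.com", "jsonp.example"];
const WEAK = "default-src 'self'; script-src 'self' https://www.youtube.com https://cdn.shop.example";
const HARDENED = "script-src 'nonce-r4nd0m' 'strict-dynamic' https://www.youtube.com; object-src 'none'";

// Split a policy string into { directive: [source, ...] }.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; keep the first one.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// Hostname of a host-source such as https://*.youtube.com:443/path, else null.
function hostOf(source) {
  const m = /^(?:[a-z][a-z0-9+.-]*:\/\/)?(?:\*\.)?([a-z0-9.-]+)(?::[\d*]+)?(?:\/.*)?$/i.exec(source);
  return m ? m[1].toLowerCase() : null;
}

function auditScriptSrc(policy) {
  const d = parseCsp(policy);
  const sources = d["script-src-elem"] || d["script-src"] || d["default-src"];
  if (!sources) return ["no script-src or default-src: scripts are unrestricted"];
  const strictDynamic = sources.some(s => s.toLowerCase() === "'strict-dynamic'");
  const nonceOrHash = sources.some(s => /^'(nonce-|sha(256|384|512)-)/i.test(s));
  // With 'strict-dynamic' plus a nonce or hash, host allowlists are ignored.
  if (strictDynamic && nonceOrHash) return [];
  const findings = [];
  for (const src of sources) {
    if (src.startsWith("'")) continue; // keywords, nonces, hashes
    if (src === "*" || /^https?:$/i.test(src)) {
      findings.push(`${src}: allows scripts from any host`);
      continue;
    }
    const host = hostOf(src);
    if (host && JSONP_HOSTS.some(h => host === h || host.endsWith("." + h)))
      findings.push(`${src}: allowlisted host serves callback-style (JSONP) responses`);
  }
  return findings;
}
```

Running `auditScriptSrc(WEAK)` reports the YouTube entry, while `auditScriptSrc(HARDENED)` reports nothing because the nonce-based policy no longer trusts scripts by host.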
The Green Bay Packers have taken immediate action to contain the breach, disabling all checkout and payment capabilities after being notified on October 23. They have also offered three years of identity theft restoration and credit monitoring services through Experian to affected individuals.
In a statement, Chrysta Jorgensen, Director of Retail Operations for the Packers, explained that the team had "immediately required the vendor that hosts and manages the Pro Shop website to remove the malicious code from the checkout page, refresh its passwords, and confirm there were no remaining vulnerabilities."
However, it appears that the attackers were able to extract sensitive customer data during the breach. According to Jorgensen, based on the results of a forensic investigation conducted by the Packers, the malicious code may have allowed an unauthorized third party to view or acquire certain customer information entered at the checkout page using a limited set of payment options.
The Packers have not shared details on how the threat actor hacked their Pro Shop website. However, they have emphasized the importance of vigilance and caution when it comes to online transactions. In a statement, the team advised affected individuals to track their account statements for fraudulent activity and report any identity theft or fraud attempts to their bank and the appropriate authorities.
This breach highlights the growing threat of cyber attacks on e-commerce websites. With millions of online transactions taking place every day, the risk of sensitive customer data being compromised is ever-present. As such, it is essential that businesses prioritize robust security measures, including regular vulnerability assessments, penetration testing, and employee training.
The Packers' incident also underscores the importance of responsible disclosure in cybersecurity. When a breach occurs, companies must report it to affected customers promptly and provide them with accurate information about what happened. In this case, the Packers took swift action, disabling checkout capabilities and offering credit monitoring services.
In conclusion, the Green Bay Packers store breach is a stark reminder of the ever-present threat of cyber attacks on e-commerce websites. As we continue to navigate the complex digital landscape, it is essential that businesses prioritize robust security measures, communicate transparently with customers in the event of a breach, and take immediate action to contain the damage.
Related Information:
https://www.bleepingcomputer.com/news/security/thousands-of-credit-cards-stolen-in-green-bay-packers-store-breach/
https://aesplora.com/green-bay-packers-online-store-hacked-to-steal-credit-cards-read-more/
Published: Wed Jan 8 11:03:57 2025 by llama3.2 3B Q4_K_M