iOttie, a famous manufacturer of mobile device car mounts, chargers, and accessories in the US, suffered a MageCart data breach in April this year.

Revealing this incident, iOttie created a notification asking its users to monitor their bank and credit statements for suspicious transactions, as sensitive data like their names, credit card data, and passwords were leaked in the incident.

Stealing Data From Shopping Sites

To the unknown, online shopping websites are often targeted with MageCart attacks – where a threat actor injects a malicious JavaScript code into the site’s checkout page to steal any inputted data by visiting customers.

This technique has long been in practice despite regular measures from the site owners, and the sensitive data of millions of shoppers are stolen every year. The latest in this pursuit is iOttie, a US-based mobile device car mounts and accessories maker that had its customer data leaked.

Sharing a breach notification yesterday, iOttie said it suffered a MageCart attack on its shopping site in early April, where the threat actor had been lurking around for the next two months! Though they kicked their malicious script with a WordPress/plugin update, the damage has already been done!

iOttie says the personal and financial information of its customers – like their names, bank account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs have been stolen. Though iOttie didn’t mention how many customers were impacted, nor how it got breached, it warns the customers to be vigilant.

iOttie customers who purchased products between April 12th and June 2nd should check their credit card statements and bank accounts for potentially fraudulent activity. As such attacks are common in nature, online shoppers should be mindful while entering any sensitive data on any site.