NutriBullet website hit by Magecart hackers

News
By published

Website breached multiple times with customer data stolen

(Image credit: Shutterstock.com)

Hackers have been able to break into NutriBullet’s website multiple times during the last few months, new research has found.

Known as Magecart Group 8, the group were able to inject malicious credit card-skimming malware on the blender maker's site. The criminals were able to get hold of personal details like card numbers, names, billing addresses, expiry dates and card verification numbers.

The attacks began on February 20, and could still be continuing today, although NutriBullet says it removed the malicious code from its site.

NutriBullet attack

According to security firm RiskIQ, the hackers were able to attach a card skimming tool to a javascript code library on NutriBullet’s website.

The data collected was shared to a server operated by these hackers to then be sold on the dark web. RiskIQ claims that its researchers had been trying to contact NutriBullet for over three weeks, but did not get a response. 

Yonathan Klijnsma, Head of research of RiskIQ, urged users not to use or shop on NutriBullet’s website till the company fixes the vulnerabilities and acknowledges their outreach.

NutriBullet’s chief information officer Peter Huh admitted its website had experienced intrusion and that the company will be working with the cyber-forensic research team to investigate. He, however, did not confirm if impacted users will be informed about the data breach.

This hacking group is said to have been able to hack over 200 websites using a similar method, having previously attacked companies like Amerisleep, Ticketmaster, British Airways, the American Cancer Society, Newegg and MyPillow.

There are eight known Magecart hacking groups and all of them work with an independent motive, “Their preferred tactic is focusing on individuals victims, avoiding the ‘shotgun approach’ many other Magecart groups take. The group 8 attackers and skims specific sites they seem to cherry-pick for a particular purpose.” RiskIQ said.

Via: TechCrunch

Jitendra Soni
Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.  

Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
A phone showing a ChatGPT app error message
ChatGPT was down for many – here's what happened
AirPods Max with USB-C in every color
Apple's AirPods Max with USB-C will get lossless audio in April, but you'll need to go wired
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
A close up of a xenomorph with Earth reflected on its head in the Alien: Earth TV show teaser

Disney+ celebrates 5 years of streaming with 2025 lookahead – here are 3 movies and shows I can't wait to watch
See more latest
Most Popular
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
A screenshot from Indiana Jones and the Great Circle showing Indiana Jones
Indiana Jones and the Great Circle finally gets PS5 release date and I can't wait to don the fedora and crack the whip
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Tuesday, March 25 (game #387)