ZAGG Inc. is informing its customers that their bank card information has been exposed to unauthorized parties after hackers compromised a third-party application provided by the company’s e-commerce provider, BigCommerce.
ZAGG is a consumer electronics accessories maker known for its mobile accessories such as screen protectors, phone cases, keyboards, and power banks. The Utah-based company has annual revenue of $600 million.
According to the letter sent to affected individuals, the attacker breached the FreshClick app offered by BigCommerce and injected malicious code that stole shoppers’ card information.
“We have discovered that an unknown actor injected the FreshClick app with malicious code designed to extract bank card information entered as part of the checkout process for certain ZAGG.com customer transactions between October 26, 2024 and November 7, 2024.” – ZAGG
BigCommerce is an Austin-based software-as-a-service (SaaS) e-commerce platform provider serving a range of businesses, from small businesses to large enterprises, across various industries and regions.
FreshClick is a third-party application that helps build responsive websites and apps for the BigCommerce platform. It is designed to improve the functionality of e-stores and enhance the customer experience.
Although FreshClick is not developed directly by BigCommerce, it is offered through the platform’s app marketplace, which is a curated space for merchants to find and install plugins for their stores.
In a statement to BleepingComputer, BigCommerce emphasized that its systems were not breached or compromised. Using internal tools, BigCommerce discovered that the FreshClick app had been hacked and uninstalled it from its customers’ stores.
“Using our internal tools and speaking with the partner, we verified that the third-party FreshClicks app was compromised. Acting in the best interest of our customers and their shoppers, we immediately uninstalled the app from their stores, removing any compromised API and malicious code.” – BigCommerce
As a result of this data breach, the attacker stole names, addresses, and payment card details of shoppers on zagg.com between October 26 and November 7, 2024.
In response to this incident, ZAGG implemented corrective measures, notified federal authorities and regulators, and arranged for affected individuals to receive a free credit monitoring service for 12 months through Experian.
Recipients of the letters were also advised to closely monitor financial account activity, place fraud alerts, and consider freezing their credit.
ZAGG has not yet disclosed how many customers were affected by this security breach.
The BigCommerce store currently lists six plugins created by FreshClick, which collectively have 178 reviews. However, the compromised plugin may have been temporarily removed.