Wednesday, June 18, 2025

Hackers steal ZAGG customers’ bank cards in third-party breach


ZAGG Inc. is informing customers that their bank card information has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company’s e-commerce provider, BigCommerce.

ZAGG is a consumer electronics accessories maker known for its mobile accessories, such as screen protectors, phone cases, keyboards, and power banks. The Utah-based company has an annual revenue of $600 million.

According to the letter sent to impacted individuals, the attacker breached the FreshClicks app offered by BigCommerce and injected malicious code that stole shoppers’ card details.

“We realized that an unknown actor injected into the FreshClick app malicious code that was designed to scrape bank card information entered as part of the checkout process for certain ZAGG.com buyer transactions between October 26, 2024 and November 7, 2024.” – ZAGG

BigCommerce is an Austin-based software-as-a-service (SaaS) e-commerce platform provider that serves a diverse range of businesses, from small enterprises to large corporations, across various industries and regions.

FreshClick is a third-party app that helps create applications and responsive websites for the BigCommerce platform. It is designed to enhance the functionality of online stores and improve customer experience.

Although FreshClick isn’t developed directly by BigCommerce, it is offered through the platform’s app marketplace, which is a curated space for merchants to find and install add-ons for their stores.

In a statement for BleepingComputer, BigCommerce emphasized that its systems were not breached or compromised. Using internal tools, BigCommerce discovered that the FreshClicks App had been hacked and uninstalled it from its customers’ stores.

“Using our internal tools and in communication with the partner, we verified the third-party FreshClicks App was compromised. Acting in the best interest of our customers and their shoppers, we immediately uninstalled the app in their stores, which removed any compromised APIs and malicious code” – BigCommerce

As a result of this data breach, the attacker stole names, addresses, and payment card data belonging to shoppers at zagg.com between October 26 and November 7, 2024.

In response to this incident, ZAGG implemented remediation measures, notified federal law enforcement and regulators, and arranged for impacted individuals to receive a free-of-charge, 12-month credit monitoring service through Experian.

Letter recipients were also advised to monitor financial account activity closely, place fraud alerts, and consider placing a credit freeze.

ZAGG has not yet disclosed how many customers were impacted by this security breach.

BigCommerce’s store currently lists six add-ons created by FreshClick, which together have 178 reviews. However, the compromised plugin may have been temporarily removed.
