Blinds Purchase Leads to Darknet Hack Discovery

More than 200,000 customers of a large online retailer of blinds and window accessories are affected by a data leak: hackers stole their credit card and personal information using malware planted on the retailer's website.

According to documents Selectblinds filed in California, employees discovered the malicious software on September 28, but it was present on the site at least until January 7. The attackers planted the malicious code on the order page, allowing them to collect data during user authorization on the site.

An investigation revealed that the leak compromised usernames and passwords, as well as names, email addresses, phone numbers, shipping addresses, and billing account information. The hackers also gained access to payment card numbers, expiration dates, and CVV codes, affecting a total of 206,238 customers.

To prevent further incidents, the company has blocked all accounts and advised customers to change their passwords. The skimmer has been completely removed from the site. The company drew particular attention to users who use the same passwords on multiple platforms, encouraging them to update their credentials immediately.

Skimmers have become a popular method for cybercriminals to steal data from payment pages on websites. Hackers often insert malicious JavaScript code on vulnerable sites to intercept credit card and personal information entered by users during the ordering process. This stolen data is then sold on the dark web for use in fraudulent activities.

Selectblinds, an online retailer of blinds and other window accessories based in Chandler, Arizona, is a subsidiary of Dutch manufacturer Hunter Douglas. The company has over 140 employees and generates an annual income of about $200 million.

In October, Jscrambler experts discovered a new digital skimming campaign that uses Unicode characters, including many invisible ones, to hide malicious code dubbed the Mongolian Skimmer. The primary goal of this skimmer is to steal confidential data entered on the ordering pages of online stores, particularly financial information.
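A site owner can screen the scripts served on a checkout page for this kind of Unicode hiding before and after deployment. The following is an added example, not code from Jscrambler or from the original article; the function name `scanScript`, the regular expressions and the constructed `SAMPLE` input are assumptions, and the comment/string stripping is a rough heuristic.

```javascript
// Added example: heuristic scan of a script for invisible or non-ASCII identifier characters.
// scanScript, the regexes and SAMPLE are assumptions made for this illustration.
const INVISIBLE = /\p{Default_Ignorable_Code_Point}/gu;
const IDENTIFIER = /[\p{ID_Start}$_][\p{ID_Continue}$\u200C\u200D]*/gu;
// Rough match for comments and string literals (regex literals can fool it).
const LITERALS = /\/\*[\s\S]*?\*\/|\/\/[^\n]*|"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'|`(?:\\.|[^`\\])*`/g;

const hex = (ch) => 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');

function scanScript(source) {
  const text = source.replace(/^\uFEFF/, ''); // a leading byte-order mark is legitimate
  const findings = [];
  // Pass 1: invisible code points anywhere, including inside strings and comments.
  text.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(INVISIBLE)) {
      findings.push({ line: i + 1, column: m.index + 1, kind: 'invisible', codePoints: [hex(m[0])] });
    }
  });
  // Pass 2: blank out literals (keeping newlines) so localized text is not flagged,
  // then report identifiers that contain any non-ASCII character.
  const code = text.replace(LITERALS, (s) => s.replace(/[^\n]/g, ' '));
  code.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(IDENTIFIER)) {
      const odd = [...m[0]].filter((ch) => ch.codePointAt(0) > 0x7f);
      if (odd.length > 0) {
        findings.push({ line: i + 1, column: m.index + 1, kind: 'non-ascii-identifier', codePoints: odd.map(hex) });
      }
    }
  });
  return findings;
}

// Constructed sample, not taken from any real skimmer.
const SAMPLE = [
  'const total = price * qty; // café',   // non-ASCII only in a comment: not flagged
  'const msg = "Grüße";',                 // non-ASCII only in a string: not flagged
  'var \u3164 = document.forms[0];',      // U+3164 HANGUL FILLER used as an identifier
  'var pay\u200Bload = 1;',               // U+200B ZERO WIDTH SPACE splitting a name
].join('\n');

console.log(scanScript(SAMPLE));
```

Findings are triage signals, not verdicts: emoji joiners or soft hyphens in legitimate text also trigger the first pass, so review each hit against the script's expected content.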

Additionally, in August, attackers compromised numerous online stores running the Magento platform and planted a skimmer on those sites, which stole customer payment card data, including card numbers, expiration dates, and CVV/CVC codes. Malwarebytes experts provided detailed insight into how the hackers successfully stole this information.
