Menu
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
Computer IT Services & Marketing
  • Technology
    • Managed Services
    • Computer Repair
    • Consulting
  • Cybersecurity
    • BDR
    • Network Security
    • Computer Security
    • Data Recovery
  • Communication
    • Cabling
    • Wireless Networking
    • Phones
  • Marketing
    • Website Development
    • Search Engine Optimization
    • Social Media & Online Presence
    • Location Scan
    • Website & Email Management
    • Online Advertising
    • Multimedia Design
    • Newsletter
  • CALL: 337-214-1172
Widgets

HOME  |  BLOG  |  REMOTE SUPPORT

Home
Support
Blog
Contact
Close Menu
Recent Breach Targeted MyPillow And Amerisleep Customer Data
April 13 2019

Recent Breach Targeted MyPillow And Amerisleep Customer Data

wukovits Blog, Branding, General Interest, Recent News, Security

If you’ve purchased bedding from either MyPillow or Amerisleep, your data may have been compromised. These companies are two popular mattress and bedding merchants operating in the US. This is according to a recent report coming to us from RiskIQ. The hacking group Magecart appears to be behind both breaches, which is bad news for both companies and their customers.

That is because Magecart is one of the most talented and active hacker groups on the scene today, having launched a number of successful attacks against high profile targets that have included Ticketmaster, Feedify, Shopper Approved, Newegg, and British Airways.

MyPillow entered into Magecart’s crosshairs in October 2018, when the group compromised MyPillow’s e-commerce and sales platform and began skimming credit card information submitted by the company’s customers. The group also registered a similar domain, mypiltow.com and utilized ‘Let’s Encrypt’ to implement an SSL certificate.  Unsuspecting visitors to the site had no idea they were on a domain controlled by the hacking group.

According to RiskIQ researcher Yonathan Klijnsma, “…this type of domain registration typosquatting means that the attackers had already breached MyPillow and started setting up infrastructure in its name.”

Within a month’s time, the hacking group moved onto the second phase of its attack, registering a new website called livechatinc.org, which mimicked the Live chat used by MyPillow.  With a poisoned script already running inside the company’s infrastructure, Magecart was able to mimic the genuine tag used by the live support service. This was so that by all outward appearances, customers believed they were chatting with an actual MyPillow employee.

The attack on AmeriSleep dates back a bit further to April 2017, but followed a similar pattern.  The skimmer remained in operation between April through October of 2017.  The company rid themselves of Magecart’s malicious software, only to come under attack again in December 2017.

In both cases, the skimmer domains have been taken offline, but both companies are still dealing with the malicious code injection issues. RiskIQ notes that given Magecart’s history, even when both companies clear their servers of malicious code, they’re likely to be re-infected in short order.  Watch your credit card statements if you’ve made a purchase from either company.

Used with permission from Article Aggregator

Windows 10 Will Get New Update Feature Millions Of Facebook Usernames And Passwords Stored By Accident

Related Posts

Gen Intel Processors May Get Built In Ransomware Protection

Blog, General Interest, New Technology, Ransomware, Recent News, Security, Technology News

Gen Intel Processors May Get Built In Ransomware Protection

Firefox To Follow Chrome in Backspace Keyboard Functionality Change

Blog, Chrome, Mozilla Firefox, Recent News, Technology News

Firefox To Follow Chrome in Backspace Keyboard Functionality Change

Even Big Companies Like Nissan Get Hacked

Blog, Branding, Data Breach, General Interest, Recent News, Security, Technology News

Even Big Companies Like Nissan Get Hacked

Recent Posts

  • Gen Intel Processors May Get Built In Ransomware Protection
  • Firefox To Follow Chrome in Backspace Keyboard Functionality Change
  • Even Big Companies Like Nissan Get Hacked

Archives

Categories

Get a Domain Registered


$.99* .COM Domain! Get going with GoDaddy!

Back To Top
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
  • Home
  • Technology
  • Cybersecurity
  • Communication
  • Marketing
  • Newsletter
  • Blog
  • Support
  • Contact

BBB Logo

Bayou Technologies, LLC
✖
Bayou Technologies is a BBB Accredited Busines
A+
On a scale of A+ to F

Reviewed, Evaluated and Accredited

Meets All 26 Standards of Accreditation

BBB Accredited since 1/1/2012

Click here for BBB Business Report on Bayou Technologies, LLC

BBB Accredited:

BBB Rating as of:

Verify Bayou Technologies, LLC
Bayou Technologies, LLC © 2019
Website Development and Marketing in Lake Charles, Louisiana
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.