Report: Online P&G beauty shop hit by hackers

Dan Berthiaume
Senior Editor, Technology
Dan Berthiaume profile picture

Malware has reportedly been stealing payment card data from a direct-to-consumer subsidiary of CPG giant Procter & Gamble.

According to information security and technology news site BleepingComputer, hackers initially placed malicious code designed to illegally harvest customer payment card information from the First Aid Beauty e-commerce site on May 5, 2019. Procter & Gamble purchased First Aid Beauty earlier this year and has kept the company’s retail site operational under its own banner.

The “MageCart” script placed by hackers into the site extracts card data from customers shopping from inside the U.S. who do not use the Linux operating system, reportedly to make it more difficult to detect. A security researcher said he discovered the script in mid-October and contacted First Aid Beauty several times in mid-October, but did not hear back. However, the retailer’s site is currently down. 

First Aid Beauty reportedly uses the most current version of the Magento e-commerce platform and has averaged 100,000 visitors a month for the past six months, 80% of them based in the U.S. 

“Magecart attacks exploit the website supply chain, including vendors who provide functionalities like product reviews, analytics and inventory management,” said Deepak Patel, security evangelist at PerimeterX. “These third-party vendors often lack adequate security controls to prevent code injection. Given the dynamic nature of today’s JavaScript code and third-party scripts and libraries, website owners should consider real-time monitoring of script executions for every user from within the browser.” 

To read the full article, click here.