fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Warner Music Group Finds Hackers Compromised Its Online Stores

Warner Music Group Finds Hackers Compromised Its Online Stores

Warner Music Group finds hackers compromised its online stores

Image: Jared Arango

Warner Music Group (WMG), the third-largest global music recording company, has disclosed a data breach affecting customers’ personal and financial information after several of its US-based e-commerce stores were hacked in April 2020 in what looks like a Magecart attack.

With a history of over 200 years, WMG has more than 3,500 employees and it operates in over 70 countries via a network of subsidiaries, affiliates, and non-affiliated licensees.

WMG also owns the Warner Chappell Music music publisher and some of the most successful recording labels in the world including but not limited to Elektra, Warner Records, Atlantic, Warner Classics, Parlophone, and Warner Music Nashville.

US online stores compromised since April

The company said that the incident involved multiple e-commerce websites it operates via an external service provider and that the security breach may have enabled hackers to steal personal info entered into the sites

“On August 5, 2020, we learned that an unauthorized third party had compromised a number of US-based e-commerce websites WMG operates but that are hosted and supported by an external service provider,” the company said in a breach notification letter sent to affected individuals.

“This allowed the unauthorized third party to potentially acquire a copy of the personal information you entered into one or more of the affected website(s) between April 25, 2020 and August 5, 2020.”

Even though WMG’s investigation didn’t find any signs of information being exfiltrated, it doesn’t exclude the possibility of it happening and warns affected individuals of the risk of fraudulent activity that could be carried out using stolen personal and financial details during the attack.

Also read: The Scope Of Singapore Privacy: How We Use It In A Right Way

Credit card details potentially stolen

WMG also said that all information entered by those affected in the compromised online stores was potentially harvested and stolen by the attackers after placing items in the shopping carts.

Potentially stolen information could have included the customers’ names, email addresses, telephone numbers, billing addresses, shipping addresses, and payment card details (card number, CVC/CVV, and expiration date).

However, per WMG’s letter, information entered while making payments through PayPal on the hacked e-commerce sites was not affected.

“Upon discovering the incident we immediately launched a thorough forensic investigation with the assistance of leading outside cybersecurity experts and promptly took steps to address and correct the issue,” WMG added. “We also notified the relevant credit card providers as well as law enforcement, with whom we continue to cooperate.”

WMG offers 12 months of free identity monitoring services through Kroll to those affected and encourages them to “remain vigilant for any unauthorized use of your payment cards or suspicious email communications, particularly those purporting to come from Warner Music Group or any WMG-related websites.”

Possible Magecart attack

“E-commerce websites operated by Warner Music Group through a third party e-commerce platform were targets of a cybersecurity attack, which potentially exposed credit card and related data that customers entered into the sites,” a Warner Music Group spokesperson told BleepingComputer.

“With the assistance of cybersecurity experts, a full investigation was launched and we are in the process of notifying potentially affected customers. As a result, we are putting in place additional measures to prevent future breaches.”

Even though WMG didn’t provide any information on how the attackers were able to compromise the stores and potentially get their hands on the customers’ personal and financial data, this attack has all the signs of a textbook Magecart attack.

In such attacks, cybercrime gangs known as Magecart groups hack their way into e-commerce store sites and to inject malicious JavaScript-based scripts within their checkout pages’ source as part of web skimming (also known as e-skimming) attacks.

Their end goal is to harvest all the payment or personal info submitted by the compromised online stores’ customers and to collect it on remote servers under their control.

Update: Added WMG statement.

Also read: 10 Tips For Drafting Key Terms In A Service Agreement

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us