The web site for UK activewear retailer Sweaty Betty has been hacked to insert malicious code that attempts to steal a customer’s payment information when making purchases.
This type of attack is called Magecart and involves a hacker compromising an online site in order to inject malicious code in checkout or other pages that ask for payment information. When a customer enters payment information on one of these hacked pages, the malicious script will send it to a remote server operated by the attacker.
In emails being sent to Sweaty Betty customers, the retailer states that customers shopping online between November 19th, 2019, at 6:24 PM (GMT) and November 27th, 2019, at 2:52 PM (GMT) may have had their credit card or debit card details stolen.
“These investigations confirmed that a third party gained unauthorised access to part of our website and inserted malicious code designed to capture information entered during the checkout process. This affected customers attempting to place orders online or over the phone for limited intermitten periods of time from Tuesday 19 November at 6.24pm (GMT to Wednesday 27 November 2019 at 2.52.pm (GMT).”
As Magecart scripts rely on users entering new credit card details into the site, those who had saved payment information were not affected by this compromise. Furthermore, Sweaty Betty states that customers making purchases using PayPal or Apple Pay were not affected.