Hackers Steal Credit Card Information from Nutribullet Website

Credit Cards

RiskIQ research shows that Nutribullet’s website has been under attack by hackers. The cyber security company released this information to the public today. Hackers have managed to install malware on the website. The malware helped these criminals steal credit card information along with other personal details.

Nutribullet Website Attacked

The attacks seem to have started at the end of February. The security company detected the first attack and tried to contact the company. There was no response from Nutribullet, but RiskIQ decided to take down the attack. Since then the security company has detected two other attacks on the website. The malware was removed every time, but RiskIQ is not certain that the attacks are over. Nutribullet did not contact RiskIQ directly at any point, but they did state that they “have launched forensic investigations to determine how the code was compromised”. Nutribullet also stated that  “[we] have updated our security policies and credentials to include Multi-Factor Authentication as a further precaution”.

Magecart Hacker Group

The hack was performed by a group named Magecart that is well known to the security company. They were also responsible for many other attacks, for example of British Airways and Ticketmaster. Attacks like these might sadly become a trend since they are quite lucrative for the hackers. The head of threat research at RiskIQ stated that “Magecart attacks will continue to evolve and surprise security researchers with new capabilities. They’re learning from past attacks to stay one step ahead, so it’s on the security community to do the same”.

Multi-Factor Authentication

Cyber attacks like this one happen about once every five minutes, and sadly there is not much the online consumer can do about that. It is up to the websites to make sure that their security is up to date. A purchase online is a lot safer with multi-factor authentication. Often, when you buy something online, you need to authenticate that you actually are who you say you are. Just putting in your credit card details usually isn’t enough anymore. So when someone does get a hold of your credit card details, they can’t simply spend your money. The fact that Nutribullet has taken this safety measure for their customers means that they can shop in a safer online environment.

Cybersecurity analyst
David is a cyber security analyst and one of the founders of VPNoverview.com. Interested in the "digital identity" phenomenon, with special attention to the right to privacy and protection of personal data.