BevMo Payment Breach Affects Thousands, with Researchers Pointing to Magecart (Dec 27, 2018)

The California-based alcoholic beverage retailer "BevMo" has confirmed that it was affected by a data breach that took place from August 2, 2018 through September 26, 2018. Threat actors were able to inject data-stealing JavaScript into BevMo's checkout page, which stole payment information throughout the aforementioned dates. The stolen information consists of the following: card numbers, expiration dates and security codes, names, and phone numbers. The incident is believed to affect approximately 14,579 customers as of the time of this writing. Furthermore, BevMo has stated that the breach has been contained and that its service provider is continuing to monitor for any suspicious behavior. Researchers believed that this website compromise and subsequent theft was possibly conducted by the financially motivated threat group "Magecart," due to similar tactics observed in prior incidents.

Recommendation: Individuals who may have been affected by this incident should regularly monitor their financial statements for potential fraudulent activity. In addition, the exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measures to protect their identity and their finances. Identity theft services can assist in preventing actors using stolen data from making illicit purchases or applying for financial services.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.