Go Back   Carder.life > [en] International Forum > Carding News
Reload this Page Eggless Cake Box suffers data breach exposing credit card numbers

CARDER.MARKET - CARDING FORUM FOR PROFESSIONAL CARDERS


Reply
 
Thread Tools Display Modes
  #1  
Old 01-05-2025, 02:03 AM
Artifact's Avatar

Artifact Artifact is offline
Administrator
Join Date: Jan 2024
Posts: 0
Default


Eggfree Cake Box has revealed a data breach after threat actors hacked into its website to steal credit card numbers.
Cake Box is a UK chain of stores that sells fresh cream celebration cakes made without eggs. There are currently 164 Cake Box stores located across the UK.
In emails sent to customers this week, Cake Box revealed that its website was hacked in 2020 to include malicious scripts that stole customer information, including credit cards, sent to the site.

Part of Cake Box’s data breach notification
Cake Box learned of the breach on April 27, 2020, when they were contacted by their payment processing provider, Global Payments, who warned them that the site had been breached.
“We immediately launched a thorough investigation of our systems in response and, with the help of experienced third-party security specialists, we determined that an unauthorized third party had recently gained access to the Cake Box website and placed certain malware on it.” revealed Cake Box in a data breach notification sent to customers.
“With this malware, the third party was able to copy certain information provided by our customers when making purchases from our website. Later, we learned that, in certain cases, this information has been used to make fraudulent purchases.”
When customers made purchases on the site while it was infected, these malicious scripts sent first and last name, email address, postal address, and payment card information, including the three-digit CVV code, to a server. remote controlled by attackers.
Probably a MageCart attack
Based on the description, this violation appears to be a MageCart attack.
MageCart attacks occur when threat actors hack into an e-commerce site and add malicious scripts to your payment confirmation pages.
These scripts will monitor the payment pages and, if credit card information is sent on the page, they will transmit the data to a remote site under the attacker’s control.
The attackers can then log into their servers and retrieve the stolen credit card information to sell on the dark web or conduct fraudulent transactions.
If you are a Cake Box customer and have received notifications about the data breach, you should analyze your current and past transactions and make sure there are no fraudulent charges.
Reply

Tags
NULL

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump




All times are GMT. The time now is 07:37 PM.

Contact Us - Carder.life - Archive - Top