Element Vape, a popular online retailer selling e-cigarettes and accompanying accessories, had its website compromised and loaded with notorious credit card skimmer, MageCart.
The news was revealed by BeepComputer, whose website code analysts investigated and found the skimmer on the checkout page. The skimmer stole information such as email addresses, credit card numbers and expiration dates, phone numbers, billing addresses, and street and postal codes.
As soon as the existence of the skimmer was confirmed, the publication notified Element Vape, which reacted quickly, eliminating the malicious code from its website the same day.
How the code ended up on the webpage in the first place remains a mystery, and it’s unclear if any of the company’s endpoints were infected with malware.
The name of the threat actor is also unknown. The post says the stolen data is exfiltrated to an obfuscated, hard-coded Telegram address.
What the investigation found was that the attack most likely dates from a more recent date, as the code was not present on the site at the beginning of February this year.
Element Vape has already been attacked, BeepComputer said. In 2018, it notified its clients of potential leaks of personally identifiable information (PII) to unknown threat actors.
Consumers filed a lawsuit, claiming the company failed to notify affected people in time and did everything it could to prevent the incident from happening in the first place. The lawsuit was followed by a class action lawsuit in 2019, requiring a jury trial.
Although community response to Element Vape appears to be mostly positive, on social media there are a few potential red flags, BleepingComputer suggests. For example, in some US states it is known as TheSY LLC and has 13,000 Twitter users. However, his tweets are protected, which is not what you are used to seeing from a company.
Element Vape has yet to comment on the results. Customers interacting with the company are advised to keep both eyes on their credit cards, for suspicious transactions.