Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SCUF Gaming Store Hacked To Steal Credit Card Info of 32,000 Customers

SCUF Gaming Store Hacked To Steal Credit Card Info of 32,000 Customers

Image: SCUF Gaming

SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information.

SCUF Gaming makes high-performance and customized gaming controllers for PCs and consoles, used by both professional and casual gamers

It has 118 granted patents and 52 other pending patent applications covering key controller areas, including the trigger control mechanism, back control functions and handle, and more.

Also Read: Shred It Singapore For Commercial Document Destruction

Over 32,000 customers impacted

SCUF Gaming customers were the victims of a web skimming (also known as e-Skimming, digital skimming, or Magecart) attack.

Threat actors inject JavaScript-based scripts known as credit card skimmers (aka Magecart scripts, payment card skimmers, or web skimmers) into compromised online stores which allow them to harvest and steal customers’s payment and personal info.

The attackers later sell it to others on hacking or carding forums or use it in various financial or identity theft fraud schemes.

In this case, the malicious script was deployed on SCUF Gaming’s online store after the attackers gained access to the company’s backend on February 3rd using login credentials belonging to a third-party vendor.

Two weeks later, on February 18th, SCUF was alerted by its payment processor of unusual activity linked to credit cards used on its web store.

Also Read: How To Make Effective Purchase Order Template Singapore

The payment skimmer was detected and removed one month later, on March 16th, following what the company calls “a rigorous investigation in partnership with third-party forensic specialists.”

“Our investigation has determined that orders processed via PayPal were not compromised and that the incident was limited to payments or attempted payments via credit card between February 3rd and March 16th,” SCUF Gaming says in breach notification letters sent to affected individuals.

“The potentially exposed data was limited to cardholder name, email address, billing address, credit card number, expiration date, and CVV.”

While the company didn’t disclose the number of impacted people in the notification letters, it told the Office of the Maine Attorney General that 32,645 individuals were affected in total.

Customers warned to monitor their bank accounts

SCUF Gaming also emailed customers in May to warn them that their credit card information may have been exposed in a data breach and ask them to watch their bank accounts for suspicious activity.

“This communication does not mean that fraud did or will occur on your payment card account,” SCUF Gaming told affected customers today.

“You should monitor your account and notify your card provider of any unusual or suspicious activity. As a precaution, you may wish to request a new payment card number from your provider.”

On April 10th, SCUF Gaming disclosed another data breach after exposing an “internal development database” containing over 1.1 million customer records with personal and payment information.

A SCUF Gaming spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us