Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

SCUF Gaming Store Hacked To Steal Credit Card Info of 32,000 Customers

SCUF Gaming Store Hacked To Steal Credit Card Info of 32,000 Customers

Image: SCUF Gaming

SCUF Gaming International, a leading manufacturer of custom PC and console controllers, is notifying customers that its website was hacked in February to plant a malicious script used to steal their credit card information.

SCUF Gaming makes high-performance and customized gaming controllers for PCs and consoles, used by both professional and casual gamers

It has 118 granted patents and 52 other pending patent applications covering key controller areas, including the trigger control mechanism, back control functions and handle, and more.

Also Read: Shred It Singapore For Commercial Document Destruction

Over 32,000 customers impacted

SCUF Gaming customers were the victims of a web skimming (also known as e-Skimming, digital skimming, or Magecart) attack.

Threat actors inject JavaScript-based scripts known as credit card skimmers (aka Magecart scripts, payment card skimmers, or web skimmers) into compromised online stores which allow them to harvest and steal customers’s payment and personal info.

The attackers later sell it to others on hacking or carding forums or use it in various financial or identity theft fraud schemes.

In this case, the malicious script was deployed on SCUF Gaming’s online store after the attackers gained access to the company’s backend on February 3rd using login credentials belonging to a third-party vendor.

Two weeks later, on February 18th, SCUF was alerted by its payment processor of unusual activity linked to credit cards used on its web store.

Also Read: How To Make Effective Purchase Order Template Singapore

The payment skimmer was detected and removed one month later, on March 16th, following what the company calls “a rigorous investigation in partnership with third-party forensic specialists.”

“Our investigation has determined that orders processed via PayPal were not compromised and that the incident was limited to payments or attempted payments via credit card between February 3rd and March 16th,” SCUF Gaming says in breach notification letters sent to affected individuals.

“The potentially exposed data was limited to cardholder name, email address, billing address, credit card number, expiration date, and CVV.”

While the company didn’t disclose the number of impacted people in the notification letters, it told the Office of the Maine Attorney General that 32,645 individuals were affected in total.

Customers warned to monitor their bank accounts

SCUF Gaming also emailed customers in May to warn them that their credit card information may have been exposed in a data breach and ask them to watch their bank accounts for suspicious activity.

“This communication does not mean that fraud did or will occur on your payment card account,” SCUF Gaming told affected customers today.

“You should monitor your account and notify your card provider of any unusual or suspicious activity. As a precaution, you may wish to request a new payment card number from your provider.”

On April 10th, SCUF Gaming disclosed another data breach after exposing an “internal development database” containing over 1.1 million customer records with personal and payment information.

A SCUF Gaming spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us