Green Bay Packers' online store hacked to steal credit cards

Tags

External References

• https://www.bleepingcomputer.com/
• https://otx.alienvault.com/

Description

A threat actor breached the Green Bay Packers' official online retail store in October, injecting a card skimmer script to steal customers' personal and payment information. The attack, discovered on October 23, 2024, targeted the packersproshop.com website. The malicious code, inserted in the checkout page, could access customer data between late September and early October 2024. Affected information includes names, addresses, email addresses, and credit card details. The team disabled payment capabilities upon discovery and hired cybersecurity experts to investigate. The skimming attack utilized JSONP callback and YouTube's oEmbed feature to bypass Content Security Policy. The Packers are offering three years of credit monitoring and identity theft restoration services to affected customers.

Date