Contact Contact Us

Over 4,600 Websites Affected in Supply-Chain Hacks

More than 4,600 websites were injected with a malicious JavaScript code that harvested payment card details and user information from online forms such as checkout pages and contact forms. The hackers breached web analytics service Picreel to embed the malicious code, which is distributed to 1,249 websites subscribed to the service. The same threat group also compromised Alpaca Forms, an open source project for building web forms, causing tainted scripts to be pushed to 3,435 domains. It is unknown how the hackers breached the two service providers or how long the JavaScript code have been stealing customers' data before the service providers removed them.

[1] Hackers Are Collecting Payment Details, User Passwords From 4,600 Sites
[2] William de Groot Twitter

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883