Mypillow and Amerisleep are both popular mattress and bedding merchants in the USA, but recent claims from cybersecurity researchers could give them the sleepless nights
Researchers have disclosed about the details of attackers who are identified as magecart attackers. Magecart is the name given by them to 11 different hacking groups. Their sole purpose is to implant malware in an e-commerce website and steal all the payment card details of customers.
Magecart had already made headlines last year with their high profile cybercrimes against major international companies like British Airways, Ticketmaster, Newsegg etc. Generally, Magecart hackers use digital card skimmers, few lines of javascript is inserted in the checkout page of the hacked website and so designed that it captures all the payment information and send it to any remote attacker-controlled server. Earlier this year around 277 e-commerce websites has been hacked by magecart.
According to RiskIQ researcher Yonathan Klijnsma, he has stated that hundreds of cases has been documented by their company on a daily basis but these two cases are more significant. Mypillow was also targeted last October 2018 and compromised e-commerce and sales platform.On the other hand, Amerisleep had faced a similar situation in 2017 and also in December 2018.
The most recent attack has been observed in January,when the attackers injected skimmers only in payment pages. Mypillow CEO Mike Lindell has confirmed to CNET about a breach but labelled it as ineffective.
Still, from Amerisleep any kind of warning has not been issued for their customers.To avoid these situations website administrators are advised to always use updates, patches and harden their server more. Online shoppers are also advised to always check credit card and bank statements and always contact the authorities in case of any unauthorised transactions.
