Segway, the company most famous for its two-wheeled “hoverboard”, has confirmed it suffered a cyberattack that saw it leak credit card data to malicious actors. The company’s online store was breached sometime around January 6, 2022 (possibly even earlier), by a group known as Magecart Group 12. As the name suggests, the group works to steal credit card information by integrating the Magecart script onto vulnerable online stores. The script intercepts transaction data during the checkout in an online store, which is a process also known as form jacking, digital skimming, or e-skimming.
Cybersecurity researchers from Malwarebytes, which first spotted the breach, said it’s likely that the malicious actors exploited a vulnerability in the Magento CMS that the store uses. Once the CMS was breached, they embedded the skimmer in the last place anyone would look – the favicon files, images that are used to display small icons, such as website logos, in the web page browser tab.
Hiding malware in icons
What makes it difficult for security pros to spot this script is the fact that it won’t be seen unless the page is analyzed with a hex editor. BleepingComputer claims that this technique has been “well-documented”, and that it’s been used by “skillful” Magecart groups, for years now.
Claire’s, Tupperware, Smith & Wesson, Macy’s, and British Airways, have all been compromised in the same fashion, the company says.
As for Segway, most of its users come from the US (55%) and Australia (39%). We don’t know how many customers might be affected by this incident. Segway is yet to make an announcement, as the company’s newsroom page, blog, and Twitter account, have no mention of the breach.