Skip to main content

Hackers collect payment and password info from more than 4,600 sites

Stock photo of laptop with code on its screen
Negative Space / Pexels

Two recent supply-chain attacks have allowed hackers to collect the payment info and user passwords of more than 4,600 websites.

According to ZDNet, the supply-chain attacks were spotted by Twitter user and Sanguine Security forensic analyst Willem de Groot and were still considered ongoing as of Sunday, May 12.

The attacks involved the breaching of an analytics service known as Picreel and an open-source project called Alpaca Forms. Essentially, the hackers responsible for the attack altered the JavaScript files of each company in order to “embed malicious code on over 4,600 websites.” Once embedded, the malicious code then collected the information given by website users (payment information, logins, and contact form data) and then submitted the information it collected to a server in Panama.

How the malicious code was able to reach thousands of websites so quickly can be explained by the kinds of companies they attacked in the first place. For example, as ZDNet notes, Picreel’s main service is that it lets “site owners to record what users are doing and how they’re interacting with a website to analyze behavioral patterns and boost conversation rates.” And in order to provide that service, Picreel clients (read: website owners), have to insert a bit of JavaScript code in their own websites. The malicious code was spread by altering that bit of JavaScript code.

Alpaca Forms is basically an open-source project used to build web forms. The project was created by Cloud CMS. Hackers were able to spread their malicious code via Alpaca Forms by breaching a content delivery service network (CDN) used by Alpaca Forms and managed by Cloud CMS. After breaching this CDN, the hackers were then able to alter an Alpaca Form script to spread the malicious code. In an emailed statement to ZDNet, Cloud CMS Chief Technical Officer Michael Uzquiano said that only one Alpaca Form JavaScript file had been altered. In addition, ZDNet also reports that the affected CDN was taken down by Cloud CMS. The content management system company also stated the following: “There has been no security breach or security issue with Cloud CMS, its customers or its products.”

However, as ZDNet notes, that conclusion doesn’t seem to be supported by any proof. Also, the code found in the Alpaca Forms attack has been spotted on 3,435 sites. And the malicious code found in the Picreel attack was reportedly spotted on 1,249 websites so far.

It is currently unclear who the hackers are. However, it was reported by de Groot via Twitter on Monday, May 13 that the malicious code has finally been removed by Picreel and Cloud CMS.

Anita George
Anita has been a technology reporter since 2013 and currently writes for the Computing section at Digital Trends. She began…
Best Woot Prime Day deals: TVs, headphones and appliances
Sony WH-1000XM5

There are plenty of Prime Day deals going on right now and we don’t just mean at Amazon. The nice thing about Prime Day is that it means other retailers also launch their own sales and that includes Amazon-owned Woot. That means whether you’re looking for cheap Prime Day TV deals or high-end Prime Day headphone deals, you should check out Woot. To help you narrow things down, we’ve picked out our highlights so you can quickly find the right deal for your needs. Here’s what you need to know.
Woot Prime Day TV deals

Amazon 55-inch Fire TV Omni 4K Smart TV (refurbished) --
Samsung 65-inch The Frame QLED 4K Smart TV (refurbished) --
LG 65-inch C3 OLED evo 4K Smart TV (refurbished) --
Samsung 75-inch The Frame QLED 4K Smart TV --
LG 77-inch C3 OLED evo 4K Smart TV (refurbished) --
LG 83-inch C3 OLED evo 4K Smart TV (refurbished) --

Read more
Best Alienware Prime Day deals: Cheap gaming laptops and PCs
The Alienware m18 gaming laptop.

The savings that you can get from Prime Day deals will let you afford Prime Day gaming laptop deals and Prime Day gaming PC deals that were previously out of your reach -- and that includes machines made by Alienware. Dell's gaming-focused brand is extremely popular, which is why we think there's going to be lots of demand for this year's Alienware Prime Day deals. We've gathered our favorite Alienware deals for the shopping event for you to browse, but if you want to take advantage of any of them, you need to be quick because stocks may run out at any moment.
Best Alienware gaming laptop Prime Day deals

If you want a portable gaming machine, a gaming laptop is the perfect choice for you, and buying from Alienware gaming laptop Prime Day deals is highly recommended. These machines come at a premium price because of the power that they pack, but you can get them for much cheaper than usual during the shopping event. There's no time to waste though, as other gamers will surely be interested in these offers -- there's no telling how long stocks will last.

Read more
This pack of corn puffs hasn’t left my gaming PC — here’s why
A pack of Kuai Kuai sitting on a gaming PC.

In Taiwan, I fell in love. I didn't find a spouse, a pet, or suddenly decide to move my life to the other side of the world. I fell in love with a coconut-flavored corn puff called Kuai Kuai (or "Guai Guai"). And since returning home, I've had an unopened bag of the snack leaning on my gaming PC.

If you're one of the few that knows about Kuai Kuai, you already know what's up. For everyone else, you probably think I'm a little off my rocker. You might be onto something there, but Kuai Kuai has an entire culture around it that I learned about on my trip to Computex this year, and it's been a great way to bring a little piece of Taiwan home with me.

Read more