Skip to main content
  1. Home
  2. Computing
  3. News

Hackers collect payment and password info from more than 4,600 sites

Anita George
By
Stock photo of laptop with code on its screen
Negative Space / Pexels

Two recent supply-chain attacks have allowed hackers to collect the payment info and user passwords of more than 4,600 websites.

According to ZDNet, the supply-chain attacks were spotted by Twitter user and Sanguine Security forensic analyst Willem de Groot and were still considered ongoing as of Sunday, May 12.

Recommended Videos

The attacks involved the breaching of an analytics service known as Picreel and an open-source project called Alpaca Forms. Essentially, the hackers responsible for the attack altered the JavaScript files of each company in order to “embed malicious code on over 4,600 websites.” Once embedded, the malicious code then collected the information given by website users (payment information, logins, and contact form data) and then submitted the information it collected to a server in Panama.

Related

How the malicious code was able to reach thousands of websites so quickly can be explained by the kinds of companies they attacked in the first place. For example, as ZDNet notes, Picreel’s main service is that it lets “site owners to record what users are doing and how they’re interacting with a website to analyze behavioral patterns and boost conversation rates.” And in order to provide that service, Picreel clients (read: website owners), have to insert a bit of JavaScript code in their own websites. The malicious code was spread by altering that bit of JavaScript code.

Alpaca Forms is basically an open-source project used to build web forms. The project was created by Cloud CMS. Hackers were able to spread their malicious code via Alpaca Forms by breaching a content delivery service network (CDN) used by Alpaca Forms and managed by Cloud CMS. After breaching this CDN, the hackers were then able to alter an Alpaca Form script to spread the malicious code. In an emailed statement to ZDNet, Cloud CMS Chief Technical Officer Michael Uzquiano said that only one Alpaca Form JavaScript file had been altered. In addition, ZDNet also reports that the affected CDN was taken down by Cloud CMS. The content management system company also stated the following: “There has been no security breach or security issue with Cloud CMS, its customers or its products.”

However, as ZDNet notes, that conclusion doesn’t seem to be supported by any proof. Also, the code found in the Alpaca Forms attack has been spotted on 3,435 sites. And the malicious code found in the Picreel attack was reportedly spotted on 1,249 websites so far.

It is currently unclear who the hackers are. However, it was reported by de Groot via Twitter on Monday, May 13 that the malicious code has finally been removed by Picreel and Cloud CMS.

Editors' Recommendations

Topics
Anita George
Anita George
Computing Writer
Anita has been a technology reporter since 2013 and currently writes for the Computing section at Digital Trends. She began…
Amazon deals: TVs, laptops, headphones and more
iPad Air on a white background.

Amazon is one of the most popular retailers on the planet. It has almost anything and everything you could hope to shop for, and that includes tech like laptops, headphones, TVs, and even devices made to make life around the home a little easier. And whether you’re shopping for one of the best smart home devices or something more tailored to work or play, Amazon always shows up with ways to save. Right now it has a ton of laptop deals, TV deals, headphone deals, and more to shop. We’ve walked down the aisles of Amazon and picked out what we feel are some deals worth shopping, so read onward for more details.
Vizio 50-inch V-Series 4K smart TV — $223, was $360

The Vizio V-Series 4K Smart TV amazing picture quality for its price point, as well as a wide variety of smart features. It has an IQ Active Processor that delivers superior picture processing. This processor also enables the TV to upscale all of your favorite HD content into 4K quality as you watch. This TV also features a gaming engine that makes gameplay more responsive with less lag and a high refresh rate. This is something to consider if you’re a gamer and somebody who likes to watch fast-paced content such as sports and action movies.

Read more
How to delete files on a Chromebook
HP Dragonfly Pro Chromebook top down view showing keyboard and touchpad.

Your Chromebook has quickly become your everyday computer. Using it for just about everything, including web browsing, word processing, gaming, and social media, we bet there’s going to come a time when you need to delete some files from your PC. Doing so will not only allow you to store more media locally, but it should also help to improve the performance of your go-to Chromebook device.

Read more
Best gaming chair deals: Save on Corsair, Razer, and more
Razer - Iskur Gaming Chair.

Sitting down to play video games for hours and hours can be a lot of fun, but it can also be pretty bad for your health. Beyond just the lack of circulation, most modern chairs are not really made to have us sit in them for long periods, and so they don't offer things like lumbar support or breath to help keep us cool. Luckily, gaming chairs have come to the rescue, and if you're looking to at least help keep your body safe and healthy, going for a gaming chair can make a big difference. That said, gaming chairs can be quite expensive, which is why we've gone out and found some of our favorite gaming chair deals for you to pick from.
Homall Massage Gaming Chair -- $85, was $170

The Homall Massage Gaming Chair is affordable, but it will get the job done of keeping you comfortable while playing video games with its ergonomic design and high-quality PU leather materials. It's got head and waist pillows with a massage function that sets it apart from other cheap gaming chairs. The backrest can recline between 90 degrees and 180 degrees so you can find the perfect angle, and it also has a retractable footrest for an extra sitting position.

Read more