Categories: SecurityWorkspace

Warner Music Warns Of Three-Month Payment Card Hack

Warner Music Group has notified customers of a prolonged hack that allowed attackers to acquire payment details belonging to an unknown number of individuals.

In a letter to customers it believes may have been affected by the hack, Warner said the incident lasted from 25 April to 5 August.

The company learned of what had occurred on 5 August and took action, it said.

“Keeping personal information safe and secure is very important to us,” the multinational said in its letter.

Card skimming

“We deeply regret that this incident has occurred.”

The hack affected US-based e-commerce websites operated by Warner but hosted and supported by an external service provider, the company said.

“Any personal information you entered into one or more of the affected website(s) between April 25, 2020 and August 5, 2020 after placing an item in your shopping cart was potentially acquired by the unauthorised third party,” Warner stated.

The details potentially affected include name, email address, telephone number, billing address, shipping address and payment card details, including card number, security digits and expiration date.

It said PayPal transactions were not affected.

Protection

Warner said it has launched an investigation with outside security experts and took steps to correct the issue, as well as notifying card providers and law enforcement.

The company offered 12 months of free identity protection services to those affected, which it said  it hoped would “restore confidence”.

It urged customers to “remain vigilant for any unauthorised use of your payment cards or suspicious email communications”.

Warner didn’t indicate how many customers may have been affected.

The attack comes three years after the company was hit by a phishing scam that resulted in the leak of 3.12 TB of internal data relating to its music video provider, Vevo.

Targeted code

The latest Warner hack appears similar to a 2018 “skimming” attack on British Airways that allowed hackers to make off with details on hundreds of thousands of payment cards during the peak summer holiday season.

The Magecart group was said to have been responsible for the attack, which involved planting malicious code on BA’s website and mobile app.

BA said at the time that 380,000 transactions were affected by the scam, which involved the use of code customised specifically to run on BA’s site.

“The Magecart actors… have continually refined their tactics and targets,” computer security firm RiskIQ said at the time.

“We’re now seeing them target specific brands, crafting their attacks to match the functionality of specific sites.”

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago