Rooster Teeth experiences data breach, Magecart implicated

Rooster Teeth, the popular site that produces all sorts of entertainment content for the geek community, has notified its userbase of a data breach. In a security notice on its website, Rooster Teeth stated that the breach occurred on Dec. 2. The breach specifically, according to Rooster Teeth, “may have compromised a limited group of customers’ personal information.” The company notice, which was written by Rooster Teeth’s vice president of business & legal affairs Marlayne Ingram, insists that Rooster Teeth accounts and FIRST membership subscriptions remain unaffected by the breach. This data breach, as the notice reads, was localized to the Shopify platform for Rooster Teeth’s online store.

Rooster Teeth’s discovery of the data breach and its subsequent response is detailed in the excerpt below:

Rooster Teeth discovered that malicious code had been added to the Site earlier the same day. The malicious code directed users entering a checkout on the Site to a spoofed webpage where they were asked to enter payment card details in order to complete their purchases. This was inserted after the stage at which users entered their shipping data. Users who completed the payment card details page were then directed to the real webpage, where they were asked to complete the forms again... We removed the malicious code from the Site and took other steps to secure the Site against further unauthorized access.

This is not, however, a run-of-the-mill data breach like we see so often in the field of cybersecurity. The breach occurred as a result of a direct attack from the loosely organized threat actors known as Magecart. According to Elad Shapira, who spoke on the issue via an email interview with Threatpost journalist Tara Seals, Magecart appears to be trying new methods of attack. Shapira, who is head of research at Panorays, stated the following about the incident:

[The] Magecart threat continues to evolve while often targeting organizations through their third parties... In this case, malicious code introduced on the company’s Shopify-based online store directed users to a fake payment page, where they were asked to enter their credit-card information. But it also points to good news, which is that companies are clearly beginning to take this threat seriously. It’s encouraging that Rooster Teeth’s IT team was able to discover and remove the malicious code on the same day it was introduced. Organizations can learn from this example, and should be sure to put processes in place to manage and review susceptibility to the Magecart threat through third-parties.

Magecart does not appear to be going away anytime soon, so it would be prudent for companies to secure their networks as best as possible against them.

Featured image: Rooster Teeth

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Contactless payments are hot, but are they secure?

The trend to contactless payments has accelerated as retailers and consumers adjust to COVID-19 realities.…

8 hours ago

Season’s fleecings: CISA warns on holiday shopping scams

The U.S. Department of Homeland Security is warning that online holiday shopping scams may be…

11 hours ago

Azure DNS: Using Azure DevOps to protect public DNS zones

This in-depth tutorial shows you how to use features available in Azure DevOps to boost…

14 hours ago

Report: Baidu Android apps had potential to expose data

Two apps from Chinese tech giant Baidu that had been available in the Google Play…

1 day ago

Shining a light on the dark shadow cast by shadow IT

Employees who don’t have the tools to get their jobs done sometimes turn to the…

2 days ago

Microsoft 365 troubleshooting: Diagnostic tools at your fingertips

Many Exchange Server troubleshooting tools don’t work with Microsoft 365. Fortunately, Microsoft has a bunch…

4 days ago