Procter & Gamble: First Aid Beauty shop stole payment data

The online shop 'First Aid Beauty' of Procter & Gamble has probably been compromised since May 2019. Until a few hours ago, a MageCart script skimmed the payment data, at least of US customers.


Bleeping Computer reported that hackers were able to place an e-skimmer in the Procter & Gamble webshop First Aid Beauty in May 2019. Specifically, the MageCart script only stole payment card data from victims in the USA. If a buyer came from outside the USA or used the Linux operating system, the skimming script remained inactive. It is suspected that this was meant as protection against security researchers. The shop has only been offline for a few hours, as a result of the reporting.
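Because the skimmer was only active for some visitors, a check from a single vantage point can come back clean. The following Python code is an added example, not part of the original post or of any tool named in it: it compares the scripts found in checkout-page snapshots captured from several client profiles and reports every script that not all profiles saw. The snapshots, the profile names and the host `injected.example` are constructed, and the code assumes the snapshots are rendered DOM captures.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptCollector(HTMLParser):
    """Collects external script hosts and hashes of inline scripts."""
    def __init__(self):
        super().__init__()
        self.items = set()
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.items.add("src:" + (urlparse(src).netloc or "(same-origin)"))
            else:
                self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            if body:
                self.items.add("inline:" + hashlib.sha256(body.encode()).hexdigest()[:16])
            self._inline = None

def profile_specific(snapshots):
    """Return {script item: profiles that saw it} for items not seen by every profile."""
    seen = {}
    for name, html in snapshots.items():
        parser = ScriptCollector()
        parser.feed(html)
        parser.close()
        seen[name] = parser.items
    return {item: sorted(p for p, s in seen.items() if item in s)
            for item in set().union(*seen.values())
            if not all(item in s for s in seen.values())}

# Constructed checkout-page snapshots, one per client profile (not real data).
BASE = '<script src="/js/checkout.js"></script><script>var cart = 1;</script>'
SNAPSHOTS = {p: BASE for p in ("US/Linux", "DE/Windows", "DE/Linux")}
SNAPSHOTS["US/Windows"] = BASE + '<script src="https://injected.example/c.js"></script>'

if __name__ == "__main__":
    print(profile_specific(SNAPSHOTS))
```

A script host that shows up for only one country or operating system is a reason to inspect that script by hand before trusting a clean scan result.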

The First Aid Beauty site was acquired by Procter & Gamble in 2019 for 250 million dollars.


P&G doesn't react for a week

And now we come to the really dirty side of the story. This script was active until a few days ago and stole the card data from the customers. Willem de Groot, a security researcher at Sanguine Security who deals with payment data skimming and fraud in online shops, found out that the First Aid Beauty online shop had been infected with the malicious script since May 5, 2019.

Willem de Groot contacted the P&G management and support team about a week ago and reported the infection (see tweet above). Specifically, the security researcher told Bleeping Computer that the first contact attempt took place on Sunday. This week there have been several additional attempts to make contact. There was no response from those responsible, and the script was still active until a few hours ago. The message appears to have gone unheard.


First Aid Beauty online shop (First Aid Beauty site)

At the moment, however, the site shows a 404 page with the hint that they are 'preparing for customers and will be back soon'. So the shop was deactivated. Only after Willem de Groot contacted Bleeping Computer and they published an article on the subject did someone responsible wake up and the shop was taken offline. Bleeping Computer received the following comment from P&G in the late afternoon of October 25, 2019 (US East Coast time):

"Consumer trust is fundamental to us, and we take data privacy very seriously. As soon as we learned about the compromise of the First Aid Beauty site, we moved quickly to take the site down and minimize the impact to our consumers. We are currently investigating the source of the malware and working to identify and notify those consumers who might have been impacted to ensure we provide them the necessary support."

According to the statement, the shop and its website were taken offline as soon as P&G heard about the hack. The company is currently investigating the incident and trying to identify the affected customers.

First Aid Beauty uses the Magento e-commerce platform, which repeatedly attracts attention because of security vulnerabilities. In early October 2019, the software was updated again to address 56 security issues. One problem was rated Severity 10 (highest), while 11 other vulnerabilities were rated Severity 9.1.
