Creates, a popular online retailer of hair styling tools, has suffered a significant data breach that exposed credit card details, names, addresses, and possibly even more sensitive personal information belonging to thousands of customers. An investigation revealed that attackers found weaknesses in the company’s old e-commerce platform to steal data during the checkout process.
Unauthorized access by a nefarious third party led to the potential leakage of sensitive customer information, including credit card details for 4,748 patrons and personal data for 65,520 individuals.
The breach’s origins trace back to vulnerabilities exploited through fraudulent orders, where the website’s integrity was compromised, and a malicious program was embedded to pilfer information entered by unsuspecting customers.
In the aftermath of this unsettling discovery, Creates embarked on a rigorous journey to uncover the extent of the breach. An exhaustive forensic investigation, bolstered by external experts and an internal review, paved the way for a transparent disclosure of the breach’s details and the steps taken to fortify the platform against future threats.
Creates has taken a proactive stance in mitigating the breach’s impact. Customers potentially affected by this incident have been notified via email, with written notices dispatched to those unreachable through digital means. Customers are urged to scrutinize their credit card statements for any anomalies and engage with their issuers to safeguard their financial wellbeing.
Following the renewal of the “Creates Official Online Shop” on April 3, 2023, and the ensuing suspension of credit card payments in June after alerts from credit card companies, Creates verified that the old site was the breach’s epicenter. If you made a purchase on the Creates Official Online Shop any time between April 21, 2021, and April 3, 2023, your data could be in the hands of cybercriminals. Creates assures that the new website is secure.
Acknowledging the breach’s gravity, Creates has expressed its heartfelt apologies for the delay in communication, striving to avoid undue alarm while ensuring the accuracy of the information shared.
Source: Original Post