Over 200,000 SelectBlinds customers who shopped for blinds or window treatments in 2023 may have had their personal and payment information stolen in a recent cyber attack. Hackers embedded malware on the retailer’s website, allowing them to scrape sensitive data from the checkout page, including usernames, passwords, addresses, emails, phone numbers, and payment card details. SelectBlinds recently reported this breach to authorities in California and Maine, revealing that the malicious code had been active since January 7, 2023, before being detected and removed on September 28.
The company has since locked affected user accounts, urging customers to reset their passwords, especially if they use the same credentials across other sites. SelectBlinds also advised users to monitor their accounts for suspicious activity and consider updating their login information elsewhere.
How the Attack Happened: A Look into E-Skimming
This incident underscores the ongoing threat of “e-skimming” attacks, where cybercriminals compromise a site’s checkout process by embedding malicious code, often in JavaScript, that captures credit card and personal information. Such attacks have become widespread across e-commerce sites, feeding an underground economy of “carding” operations, where stolen data is sold for fraudulent use. Recorded Future’s recent report highlighted the magnitude of this issue, with 15 million card records posted on dark web markets in recent months.
Efforts to combat e-skimming are ramping up globally. In a recent case, Russian authorities charged six individuals with stealing over 160,000 credit cards, and Europol warned hundreds of online retailers about compromised payment data.
Keeping Your Information Secure: Steps to Protect Yourself
SelectBlinds’ breach is a reminder of the importance of online security. Here are some steps you can take to protect yourself:
- Use Unique Passwords: Avoid reusing passwords on multiple sites, especially those tied to sensitive information.
- Monitor Financial Accounts: Keep an eye on your bank and credit card statements to catch unauthorized charges early.
- Enable Two-Factor Authentication: Adding an extra layer of security to your accounts can prevent unauthorized access.
As cyber threats evolve, vigilance remains essential in protecting personal information online.