- Credit card skimmers have compromised several US-based websites of ‘Warner Music.’
- The malicious software remained active on the websites for a couple of months, so a large volume of data was stolen.
- Warner Music is now covering the cost of 12 months of identity theft services for the affected individuals.
The Warner Music Group (WMG) is circulating notices of a data breach, informing the affected individuals of a security incident that the firm discovered on August 5, 2020. Reportedly, an unauthorized third party has acquired sensitive information that was entered by visitors of US-based e-commerce WMG websites.
This is just another way of saying that Magecart hackers have planted skimmers on some WMG websites and stole the credit card details that customers entered on the checkout page. The skimmers were first activated on April 25, 2020, and remained operational until their discovery, on August 5, 2020.
If you have bought anything on a Warner Music e-shop during the period mentioned above of time, then there’s a good chance that hackers have stolen personal details. That would include your full name, email address, telephone number, billing address, shipping address, and the full credit card details (number, CVV, expiration date).
Unfortunately, it means that anyone holding this data can now purchase stuff using your card, as they have everything needed for that. Those who used PayPal to check out are not affected by the incident, as the skimmers only grabbed details entered on the WMG websites.
Dealing with such a wide spectrum of potential exploitation is unfortunate, and the affected individuals need to take a series of steps in order to protect themselves adequately. First, you should sign up for 12 months of identity monitoring services by Kroll, which is covered by Warner Music. Secondly, you should keep a close eye on your credit card reports, and if you see anything suspicious, you should immediately contact your bank. Thirdly, incoming communications – either via email or phone – should be treated with extra watchfulness.
The easiest thing for scammers would be to use your order details to launch a social engineering attack and trick you into giving away more data or money. Of course, Magecart actors are interested in stealing, using, or reselling credit card data. Still, the rest of the information wouldn’t go to the dumpster as it’s pretty valuable in its own regard.
If all of the above is overwhelming, just put your account on a security freeze state until the situation clears up. Additionally, you may contact Warner Music and ask for more information about the incident at “1-866-951-4190” or by sending an email to “firstname.lastname@example.org.”