Skip to main content
  1. Home
  2. Computing
  3. News

Hackers collect payment and password info from more than 4,600 sites

By
Stock photo of laptop with code on its screen
Negative Space / Pexels

Two recent supply-chain attacks have allowed hackers to collect the payment info and user passwords of more than 4,600 websites.

According to ZDNet, the supply-chain attacks were spotted by Twitter user and Sanguine Security forensic analyst Willem de Groot and were still considered ongoing as of Sunday, May 12.

Recommended Videos

The attacks involved the breaching of an analytics service known as Picreel and an open-source project called Alpaca Forms. Essentially, the hackers responsible for the attack altered the JavaScript files of each company in order to “embed malicious code on over 4,600 websites.” Once embedded, the malicious code then collected the information given by website users (payment information, logins, and contact form data) and then submitted the information it collected to a server in Panama.

Related

How the malicious code was able to reach thousands of websites so quickly can be explained by the kinds of companies they attacked in the first place. For example, as ZDNet notes, Picreel’s main service is that it lets “site owners to record what users are doing and how they’re interacting with a website to analyze behavioral patterns and boost conversation rates.” And in order to provide that service, Picreel clients (read: website owners), have to insert a bit of JavaScript code in their own websites. The malicious code was spread by altering that bit of JavaScript code.

Alpaca Forms is basically an open-source project used to build web forms. The project was created by Cloud CMS. Hackers were able to spread their malicious code via Alpaca Forms by breaching a content delivery service network (CDN) used by Alpaca Forms and managed by Cloud CMS. After breaching this CDN, the hackers were then able to alter an Alpaca Form script to spread the malicious code. In an emailed statement to ZDNet, Cloud CMS Chief Technical Officer Michael Uzquiano said that only one Alpaca Form JavaScript file had been altered. In addition, ZDNet also reports that the affected CDN was taken down by Cloud CMS. The content management system company also stated the following: “There has been no security breach or security issue with Cloud CMS, its customers or its products.”

However, as ZDNet notes, that conclusion doesn’t seem to be supported by any proof. Also, the code found in the Alpaca Forms attack has been spotted on 3,435 sites. And the malicious code found in the Picreel attack was reportedly spotted on 1,249 websites so far.

It is currently unclear who the hackers are. However, it was reported by de Groot via Twitter on Monday, May 13 that the malicious code has finally been removed by Picreel and Cloud CMS.

Editors’ Recommendations

Topics
Anita George
Anita George
Computing Writer
Anita George has been writing for Digital Trends' Computing section since 2018. So for almost six years, Anita has written…
ChatGPT just improved its creative writing chops
a phone displaying the ChatGPT homepage on a beige bbackground.

One of the great strengths of ChatGPT is its ability to aid in creative writing. ChatGPT's latest large language model, GPT-4o, has received a bit of a performance boost, OpenAI announced Wednesday. Users can reportedly expect "more natural, engaging, and tailored writing to improve relevance & readability" moving forward.

https://twitter.com/OpenAI/status/1859296125947347164

Read more
The 10 best gaming monitors of 2024: tested and reviewed
Alienware ultrawide OLED on a desk.

Editor’s note: Gaming monitors are always hot sellers on Black Friday and Cyber Monday. We're expecting some really great discounts on some of the top models, including high-end OLED gaming monitors, super-fast refresh rate screens, and more budget-oriented fare. There are tons of fantastic monitor deals available now, and they're bound to get even better on Black Friday and Cyber Monday. Make sure to check out our other Black Friday deals or Cyber Monday deals for even more bargains on TV, headphones, and more.

A good monitor is essential for gaming due to its significant impact on the overall experience. There are a ton of options if you are on the hunt for one of the best gaming monitors, but for us, Alienware's 34 QD-OLED still takes the cake in 2024. It's not the display for everyone, though, and after reviewing dozens of the top gaming monitors, we've settled on a list of displays that offer great gaming performance for any budget or purpose.

Read more
Nvidia’s RTX 5070 Ti may trail behind the RTX 4080
Power adapter on the RTX 4070 Ti Super graphics card.

As we inch closer to the launch of Nvidia's RTX 50-series, new leaks keep cropping up daily. Today, one of the most prolific leakers in the PC hardware space shared a glimpse of the specs for Nvidia's upcoming RTX 5070 Ti. Although it's not the full spec sheet, one specification in particular tells us that we may be dealing with a GPU similar to the RTX 4080, which is still one of Nvidia's best graphics cards. But is that good news?

All of this is unconfirmed. Kopite7kimi is one of the accounts that most of us turn to when we want some new scoop on upcoming PC hardware, but this time, the leaker didn't post on X (Twitter), and has instead shared some specs directly with VideoCardz. Let's dig in.

Read more