The website of Element Vape, a major online store for e-cigarettes and other accessories, was recently hacked and infected with MageCart, a popular credit card skimmer.
The news was first reported by BleepingComputer, whose analysts looked into the website’s code and discovered the skimmer on the checkout page. Email addresses, credit card numbers, expiration dates, phone numbers, billing addresses, and street and ZIP codes have all been stolen by the skimmer.
The magazine alerted Element Vape as soon as the existence of the skimmer was proven, and Element Vape acted quickly, removing the malicious code from its website the same day.
It’s unclear how the code got onto the website, and it’s difficult to say whether any of the company’s endpoints were infected with malware.
The attacker’s identity is likewise unclear at this time. The stolen data was transferred to a hardcoded Telegram account, according to the publication.
The attack is most likely from a later period, given the code was not present on the site earlier in February, according to an analysis.
According to BleepingComputer, Element Vape was previously hacked in 2018, potentially exposing personally identifiable information (PII) to unknown cyber actors.
The customers filed a lawsuit, alleging that the corporation failed to notify impacted customers in a timely manner and did nothing to avoid the disaster.
The findings have yet to be addressed by Element Vape.