Rooster Teeth experiences data breach, Magecart implicated

Rooster Teeth, the popular site that produces all sorts of entertainment content for the geek community, has notified its userbase of a data breach. In a security notice on its website, Rooster Teeth stated that the breach occurred on Dec. 2. According to Rooster Teeth, the breach “may have compromised a limited group of customers’ personal information.” The company notice, written by Rooster Teeth’s vice president of business & legal affairs Marlayne Ingram, insists that Rooster Teeth accounts and FIRST membership subscriptions remain unaffected by the breach. As the notice reads, the breach was localized to the Shopify platform for Rooster Teeth’s online store.

Rooster Teeth’s discovery of the data breach and its subsequent response are detailed in the excerpt below:

Rooster Teeth discovered that malicious code had been added to the Site earlier the same day. The malicious code directed users entering a checkout on the Site to a spoofed webpage where they were asked to enter payment card details in order to complete their purchases. This was inserted after the stage at which users entered their shipping data. Users who completed the payment card details page were then directed to the real webpage, where they were asked to complete the forms again… We removed the malicious code from the Site and took other steps to secure the Site against further unauthorized access.

This is not, however, a run-of-the-mill data breach like we see so often in the field of cybersecurity. The breach occurred as a result of a direct attack from the loosely organized threat actors known as Magecart. According to Elad Shapira, who spoke on the issue via an email interview with Threatpost journalist Tara Seals, Magecart appears to be trying new methods of attack. Shapira, who is head of research at Panorays, stated the following about the incident:

[The] Magecart threat continues to evolve while often targeting organizations through their third parties… In this case, malicious code introduced on the company’s Shopify-based online store directed users to a fake payment page, where they were asked to enter their credit-card information. But it also points to good news, which is that companies are clearly beginning to take this threat seriously. It’s encouraging that Rooster Teeth’s IT team was able to discover and remove the malicious code on the same day it was introduced. Organizations can learn from this example, and should be sure to put processes in place to manage and review susceptibility to the Magecart threat through third-parties.

Magecart does not appear to be going away anytime soon, so it would be prudent for companies to secure their networks against it as best they can.