Basically, SCUF’s website was attacked by a web skimmer, which allowed the malicious individuals to pull the personal information from people who made credit card purchases through SCUF Gaming’s online store. Threat actors access a compromised online store, which allows them to harvest and steal information from customers.
With this attack on February 3, hackers used login credentials belonging to a third-party vendor to gain unauthorized access to SCUF Gaming’s backend, which allowed it to place the skimmer and get the information it wanted. In this case included credit card numbers, cardholder name, email address, billing address, expiration date, and CVV.
On February 18, SCUF was alerted by its payment processors of unusual activity, and the payment skimmer was found and removed on March 16. That means that only purchases made between February 3 and March 16 are at risk. Additionally, SCUF said that PayPal transactions were not compromised.
In total, SCUF Gaming told the Office of the Maine Attorney General that 32,645 individuals were affected, according to BleepingComputer.
SCUF has started emailing people who had their data compromised by the attack, so you should have received an email if you were a victim. The company also sent emails in May warning of a possible attack.
Even if you didn’t make a purchase within the dates mentioned above, you should be careful and monitor the card you used to ensure there are no unauthorized transactions.
RELATED: How to Stop Identity Thieves from Opening Accounts in Your Name