Online guitar tutoring website TrueFire has apparently suffered a 'Magecart' style data breach incident that could have led to the exposure of its customers' personal information and payment card information.

TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and 40,000 video lessons.

Though TrueFire hasn't yet publicly disclosed or acknowledged the breach, the information became available to The Hacker News after a few affected customers posted online about a notification they received from the company last week.

The Hacker News also found a copy of the same 'Notice Of Data Breach' uploaded recently to the website of the Montana Department of Justice, specifically in a section where the government shares information on data breaches that also affect Montana residents.

Confirming the breach, the notification reveals that an attacker gained unauthorized access to the company's web server around the middle of last year and stole customers' payment information as it was entered into its website for over five months, between August 3, 2019, and January 14, 2020.

"While we do not store credit card information on our website, it appears that the unauthorized person gained access to the site and could have accessed the data of consumers who made payment card purchases while that data was being entered," the breach notification says.

"We cannot state with certainty that your data was specifically accessed; however, you should know that the information that was potentially subject to unauthorized access includes your name, address, payment card account number, card expiration date, and security code," the breach notification says.

While the company didn't explain how the attackers compromised its website or if they had injected a digital credit card skimmer on it, the scenario looks very similar to a Magecart style attack.

For those unaware, Magecart hackers compromise websites and secretly insert malicious JavaScript code into their checkout pages that silently captures the payment information of customers making purchases on the sites and then sends it to the attacker's remote server.
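
As an added illustration (not code from TrueFire or from the original report), the following Node.js example shows one way a site operator could audit a checkout page's script tags for the kind of injected JavaScript described above: it flags scripts loaded from origins outside an allowlist, third-party scripts without a Subresource Integrity attribute, and inline scripts that were not part of the reviewed release. All host names, paths, the allowlist and the sample HTML are constructed assumptions.

```javascript
// Added example. Hosts, paths and the integrity value are constructed placeholders.
const PAGE_ORIGIN = "https://shop.example";
const ALLOWED_ORIGINS = new Set([PAGE_ORIGIN, "https://js.payments.example"]);
// Inline scripts reviewed at release time (whitespace-trimmed bodies).
const APPROVED_INLINE = new Set(["initCheckout();"]);

const SAMPLE_HTML = `
<form id="pay"><input name="card-number"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js"></script>
<script src='https://static-cdn.invalid/jquery.min.js'
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>initCheckout();</script>
<script>document.forms.pay.addEventListener("submit", collect);</script>`;

// Parse name="value" pairs from the inside of an opening tag.
function attrsOf(raw) {
  const out = {};
  for (const m of raw.matchAll(/([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g)) {
    out[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return out;
}

// Return one finding per script that the reviewed baseline does not account for.
// Regex extraction covers server-rendered HTML only; it does not see scripts
// added to the DOM at runtime.
function auditScripts(html, pageOrigin, allowedOrigins, approvedInline) {
  const findings = [];
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi)) {
    const attrs = attrsOf(m[1]);
    if (attrs.src === undefined) {
      const body = m[2].trim();
      if (body && !approvedInline.has(body)) findings.push({ issue: "unreviewed-inline", detail: body });
      continue;
    }
    let origin;
    try { origin = new URL(attrs.src, pageOrigin).origin; }
    catch { findings.push({ issue: "unparseable-src", detail: attrs.src }); continue; }
    if (!allowedOrigins.has(origin)) {
      // An integrity attribute does not make an unknown host trustworthy.
      findings.push({ issue: "unexpected-origin", detail: attrs.src });
    } else if (origin !== pageOrigin && !attrs.integrity) {
      findings.push({ issue: "missing-sri", detail: attrs.src });
    }
  }
  return findings;
}

console.log(auditScripts(SAMPLE_HTML, PAGE_ORIGIN, ALLOWED_ORIGINS, APPROVED_INLINE));
```

Run against the rendered checkout page on a schedule, a check like this surfaces a newly added script tag; a Content-Security-Policy restricting script sources covers scripts injected at runtime, which this static audit cannot see.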

The company discovered this security incident on January 10 and claimed to have now patched the web vulnerability that allowed attackers to compromise its website in the first place.

Guitarists who made any online payment at the TrueFire website between last August and this January are advised to block the affected cards and request new ones from their respective financial institutions.

Other customers are also advised to be vigilant and keep a close eye on their bank and payment card statements for any unusual activity.

As a precaution, all users are also encouraged to change the passwords for their TrueFire account and for any other online account where they use the same credentials.