Over 4,600 websites, including online shopping stores, blogs and e-learning websites have been breached by hackers in an attack. The malicious code targets third-party elements such as live chat support widgets and analytics tools.
It was aimed to take information from all text fields, regardless of what they contained, implying that any information – from names to payment details – entered on the compromised websites would be logged and sent to the hackers.
Willem de Groot, a forensic analyst at Sanguine Security found the Picreel breach and tweeted about it yesterday. He wrote that the information is being relayed to exfil servers in Panama. He commented about the second hack, mentioning that the code had been decoded and can be accessed here. Among the websites affected are product review site Gear Patrol, Shutterstock's effects-sharing platform, Rocketstock, and Discover magazine's website.
These attacks are called third-party/value-chain/supply-chain attacks where hackers enter the website using a third-party plugin. As per a report from Symantec, a cybersecurity firm, such attacks increased by 78 percent between 2017 and 2018, making cybersecurity a major concern for value-chain providers.
Picreel operates on websites by tracking visitor movement and delivering relevant advertisements to boost ad revenue. Alpaca Forms is an open-source form creation service sponsored by Cloud CMS, a content-management platform.
According to an update of the ZDNet report, Cloud CMS subsequently intervened and resolved the tainted code. The company clarified that there was no security breach with Cloud CMS and there were no problems with any of its customers or products. There is no evidence to suggest this however, unless users applied the Alpaca Forms script to their sites on their own.
At the time of writing, 1,249 websites are live and still affected by the Picreel breach. 3,435 websites still have the code from the Alpaca breach. This hack is not like that time political party, BJP's website got hacked. This breach can allow hackers to gather names, mobile numbers and bank account details along with browsing data. Thus, visitors surfing these websites are advised to exercise caution.