SCUF Gaming International, a leading manufacturer of custom gaming controllers, has recently revealed the news that in February, its website was hacked. According to the alert, the attackers used a malicious script to steal the customers’ credit card information.
SCUF Gaming makes high-performance gaming controllers for PCs and consoles, used by both professional and casual gamers. It has been granted 118 patents and has 52 other pending patent applications.
Attackers infected its website with JavaScript-based scripts known as credit card skimmers. These scripts steal customers’ credit and other personal information in what is known as e-Skimming, digital skimming, or Magecart attacks. Attackers later sell this information on hacking or carding forums or use it themselves to perform financial or identity theft fraud.
The SCUF Gaming’s attackers gained access to the company’s backend on February 3rd using login credentials stolen from a third-party vendor. On February 18th, SCUF’s payment processor alerted it to unusual credit card activity linked to its web store.
Following “a rigorous investigation in partnership with third-party forensic specialists,” the infection was removed a month later. SCUF Gaming also emailed customers in May to warn them about a potential breach.
“Our investigation has determined that orders processed via PayPal were not compromised and that the incident was limited to payments or attempted payments via credit card between February 3rd and March 16th,” SCUF Gaming says in breach notification letters sent to affected individuals. “The potentially exposed data was limited to cardholder name, email address, billing address, credit card number, expiration date, and CVV.”
In a report with the Office of the Maine Attorney General, SCUF Gaming said that 32,645 individuals were affected in the breach.
On April 10th, SCUF Gaming revealed that its internal development database containing over 1.1 million customer records was exposed online. The company has offered no further information about this incident.
“You should monitor your account and notify your card provider of any unusual or suspicious activity. As a precaution, you may wish to request a new payment card number from your provider,” the company advised.
