Utah-based consumer electronics accessories manufacturer ZAGG had its customers' credit card details compromised following a breach of the third-party FreshClicks app available through software-as-a-service e-commerce platform provider BigCommerce, BleepingComputer reports.
Infiltration of FreshClicks enabled threat actors to deploy malicious code that exfiltrated names, addresses, and credit card details from ZAGG.com shoppers from Oct. 26 to Nov. 7, said ZAGG in a breach notice that has also been filed with the Office of the Maine Attorney General.
Additional information regarding the actual number of individuals affected by the incident has not yet been provided but ZAGG has confirmed remediation efforts and complimentary credit monitoring services for the victims.
Meanwhile, such an incident was stressed by BigCommerce to not have affected any of its systems.
"Using our internal tools and in communication with the partner, we verified the third-party FreshClicks App was compromised. Acting in the best interest of our customers and their shoppers, we immediately uninstalled the app in their stores, which removed any compromised APIs and malicious code," BigCommerce added.
