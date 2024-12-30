An attack on FreshClick has exposed customer payment details and more

The extension is used by Zagg’s ecommerce provider, BigCommerce

Affected customers are getting free credit monitoring for a year

Zagg has notified affected customers of a data breach that put highly sensitive information at risk, including payment card details.

In a letter dated December 26, 2024 (via the Office of the Maine Attorney General), the company confirmed a 12-day-long attack between October 26 and November 7, which it became aware of one day later on November 8.

The problem stems from an attack on FreshClick, a third-party application used by Zagg’s ecommerce software platform provider BigCommerce.

Zagg confirms cyberattack

“We learned that an unknown actor injected into the FreshClick app malicious code that was designed to scrape credit card data entered as part of the checkout process for certain ZAGG.com customer transactions between October 26, 2024 and November 7, 2024," the company confirmed.

Names, shipping and billing addresses, and payment card information could be at risk as a result.

In recognition of the severity of the attack, Zagg is giving affected customers 12 months’ access to credit monitoring through Experian. It’s also urging customers to monitor their financial accounts, place fraud alerts and consider credit freezes to prevent identity theft.

BigCommerce said (via Bleeping Computer): “Acting in the best interest of our customers and their shoppers, we immediately uninstalled the app in their stores, which removed any compromised APIs and malicious code.”

Basic internet hygiene principles like being cautious about sharing certain information and following potentially malicious links go a long way to protecting consumers against potential attacks, however when an attack affects a third-party service such as this, there’s very little that consumers can do, highlighting the widespread risks of online activity.

Apologizing for the inconvenience, Zagg has established a dedicated phone line for concerned customers to seek further answers and advice.