iPhone case maker Zagg hit with big customer credit card number theft

Consumer electronics and iPhone accessory maker Zagg is letting customers know that credit card transactions may have been compromised due to a hack of a third-party payment processor.

Zagg, based in Utah, makes products such as keyboards, phone cases, screen protectors, power banks, and other accessories. It uses BigCommerce to process credit card transactions on its website, which also provides an app called FreshClicks for creating commerce-friendly websites.

It was discovered that an attacker was able to breach the FreshClicks app, injecting malicious code that stole customers' card details, reports BeepingComputer.

Letters sent to Zagg customers explained that an "unknown actor" had injected malicious code into the FreshClick app, designed to scrape credit card data entered as part of the Zagg checkout process. This took place between October 26 and November 7.

The breach was reported to regulators and federal authorities. While the number of affected customers is unreported, the attackers managed to steal names, addresses, and payment card data of customers.

Affected customers were told via the letter to monitor their financial account activity, including adding fraud alerts and a credit freeze. Customers of Zagg who might have had their card details compromised will have their card activity monitored for 12 months via Experian at no charge. .

In a statement, Big Commerce insisted its own systems were not breached or compromised. However, once the problem was discovered, BigCommerce disabled and uninstalled FreshClicks from its clients' stores, which removed compromised APIs and malicious code.