ZAGG Inc., a well-known manufacturer of mobile accessories, has revealed that a recent data breach compromised customer credit card information, Bleepingcomputer reports.
The breach occurred after attackers exploited a vulnerability in a third-party application, FreshClicks, which is offered through ZAGG’s e-commerce platform provider, BigCommerce. The malicious activity took place between October 26 and November 7, 2024, when hackers injected harmful code into the FreshClicks app. This code was designed to scrape sensitive payment details entered during the checkout process on ZAGG’s website.
BigCommerce, a software-as-a-service (SaaS) platform that provides e-commerce solutions for businesses, detected the breach through internal monitoring tools. Although BigCommerce’s core systems were not compromised, the platform confirmed that the FreshClicks app had been hacked. To mitigate the threat, BigCommerce uninstalled the compromised app from affected stores, effectively removing the malicious code. FreshClicks, a third-party app not directly developed by BigCommerce, is typically used to enhance online store functionality, but its compromise raised concerns about the security of third-party integrations.
As a result of the breach, attackers accessed customers’ names, addresses, and payment card information. ZAGG has taken several steps to address the issue, including notifying federal law enforcement and regulators, implementing new security measures, and offering impacted customers 12 months of free credit monitoring services through Experian. Customers are also being encouraged to closely monitor their financial accounts, place fraud alerts, and consider freezing their credit to prevent unauthorized access.
The company has not disclosed how many customers were affected by the breach. However, this incident highlights the potential risks associated with third-party applications in e-commerce platforms. While BigCommerce assured users that its core systems remained secure, the breach underscores the need for both businesses and customers to remain vigilant about cybersecurity threats. As online shopping continues to grow, the importance of securing sensitive data has never been more critical.
