Converse E-Commerce Site Hacked for Payment Info

Written by

Australian fans of the iconic Converse All-Star sneaker brand beware: The company’s digital Oz outpost has been hacked.

The company’s e-commerce site was intercepting payment details for website visitors that made purchases between Sept. 2 and Oct. 12 of this year.

Security researcher Troy Hunt broke the news, posting a tweet showing the letter that the company sent customers.

“We were recently made aware that www.converse.com.au was targeted by computer hackers using malicious programs known as malware,” the letter reads. “This malware targeted payment card information.”

The site is actually run by a company called Conquest Sports, which licenses the Converse name in Australia and New Zealand. So, other sites elsewhere in the world remain unaffected.

The good news is that Conquest Sports was able to catch the intrusion quickly—once discovered on Oct. 12, it remediated the issue the same day, it said.

The news comes just as Australia reels from its largest-ever data breach, stemming from an attack on the Australian Red Cross Blood Service.

The data stolen in that attack included over 1.2 million records pertaining to 550,000 blood donor applicants. The information crucially included answers to a highly sensitive question on whether the applicant had engaged in "at-risk" sexual behavior over the past year.

Other info included names, blood types, dates of birth, email and snail mail addresses and phone numbers—all of which could be used in subsequent phishing attacks.

Photo © emka74/Shutterstock.com

What’s hot on Infosecurity Magazine?