SCUF Gaming Store Hacked To Steal Credit Card Information From 32,000 Customers
SCUF Gaming International, a leading manufacturer of custom controllers for PCs and consoles, is informing customers that its website was hacked in February to implant a malicious script used to steal their credit card information.
SCUF Gaming manufactures high-performance, custom gaming controllers for PCs and consoles, used by both professional and casual gamers.
It has 118 issued patents and 52 other pending patent applications covering key areas of the controller, including the trigger control mechanism, rear control functions and grip, and more.
More than 32,000 customers impacted
SCUF Gaming customers have been victims of a web skimming attack (also known as e-Skimming, digital skimming or Magecart).
Attackers then sell the stolen card data to others on hacking or carding forums or use it in various financial fraud or identity theft schemes.
In this case, the malicious script was deployed to SCUF Gaming’s online store after attackers gained access to the company’s backend on February 3 using login credentials belonging to a third-party vendor.
Two weeks later, on February 18, SCUF was alerted by its payment processor to unusual activity related to credit cards used on its online store.
The payment skimmer was detected and removed a month later, on March 16, following what the company calls “a rigorous investigation in partnership with third-party forensic experts.”
“Our investigation determined that orders processed through PayPal were not compromised and that the incident was limited to payments or attempted credit card payments between February 3 and March 16,” SCUF Gaming said in breach notification letters sent to the people concerned.
“The data potentially exposed was limited to the cardholder’s name, email address, billing address, credit card number, expiration date and CVV.”
Although the company did not disclose the number of people affected in the notification letters, it told the Maine attorney general’s office that a total of 32,645 people were affected.
Customers advised to monitor their bank accounts
SCUF Gaming also sent customers e-mails in May to alert them that their credit card information may have been exposed in a data breach and to ask them to monitor their bank accounts for any suspicious activity.
“This communication does not mean that fraud has taken place or will occur on your payment card account,” SCUF Gaming told affected customers today.
“You should monitor your account and notify your card provider of any unusual or suspicious activity. As a precaution, you can request a new payment card number from your supplier.”
On April 10, SCUF Gaming revealed another data breach after exposing an “internal development database” containing over 1.1 million customer records with personal and payment information.
A spokesperson for SCUF Gaming was not immediately available for comment when contacted by BleepingComputer earlier today.