Summary: Casio UK’s e-shop was compromised from January 14 to 24, 2025, allowing hackers to deploy malicious scripts that stole sensitive customer information. The breach was reported by JSCrambler, who noted that the attack exploited Magento vulnerabilities and affected multiple websites. Despite having Content Security Policy (CSP) protections, they were improperly configured, which facilitated the attack.
Affected: Casio UK e-shop
Keypoints :
- Malicious scripts on the e-shop stole credit card and personal customer details during a specified period.
- The attack utilized a two-stage skimmer, fetching obfuscated scripts from a Russian hosting provider.
- Casio UK’s CSP was misconfigured, allowing the attack to occur without actively preventing malicious script execution.