A security researcher has discovered that ABS-CBN’s online store was hacked, putting customers personal and financial data at risk.
Update: ABS-CBN has issued a statement regarding the incident. As it turns out, their UAAP Store (uaapstore.com) were also affected. We’ve attached the statement at the end of the article.
According to an article posted by Dutch security researcher Willem “gwillem” de Groot, he discovered a payment skimmer which has been running since August 16, 2018, in ABS-CBN’s online store. The skimmer intercepts the customer’s personal and credit card information when they shop. According to Groot, the stolen data was sent to servers registered in Irkutsk, Russia.
According to ZDNet, the data theft is the work of Magecart, a group connected to attacks against British Airways and Ticketmaster.
ABS-CBN’s online store sells merchandises like apparels, accessories, books, magazines, CDs, and DVDs, as well as novelties that are related to the company’s shows and programs.
Groot said he has notified ABS-CBN of the breach but is yet to receive a response. We tried accessing ABS-CBN’s online store (store.abs-cbn.com) but the site is down as of writing.
We will also reach out to ABS-CBN for a statement and update this post as soon as it becomes available.