Image
After entering their billing, shipping, and payment information, the customer would be temporarily redirected to an offsite web page not owned or operated by NIS America, Inc. This malicious process would record the information provided by the customer during the checkout process, including credit card information, billing address, shipping address, and email address. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.Cybersecurity Vulnerability Manager Kevin Beaumont heard that a writable AWS S3 bucket was behind the breach. https://twitter.com/GossiTheDog/status/969002128948768768 At this time, NIS has not confirmed what issue caused the redirects. In response to the breach, the company temporarily took down its affected online stores and solved whatever was causing the malicious activity. It then announced it will be giving affected customers $5.00 off their next purchase to demonstrate its "commitment and appreciation of [its] customers as [it] begin[s] to regain [their] trust." This move angered some customers. They claim it falls short of compensating them for the thousands of dollars in fraudulent credit card transactions that led to the cancellation of their payment cards. https://twitter.com/CrazyCanuck84/status/969232981507354625 NIS has not indicated it will be offering identity theft protection services to affected customers other than those that users can already obtain for free through the U.S. government. Hopefully, the company will come clean about what caused the redirects soon. In the meantime, companies should make sure they are taking adequate steps to secure their own AWS management configurations. Doing so can help them prevent an AWS S3 storage data security incident.
