Supply chain [SC] Supply Chain

e-commerce sites of Feedify Third-Party Breach (September 2018)

2018-09-01 [vendor] Feedify
Primary Source ↗

Incident Details

Feedify cloud service architecture compromised by MageCart crime gang. MageCart cyber gang compromised the cloud service firm Feedify and stole payment card data from customers of hundreds of e-commerce sites. UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions. Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials. Third-party company: Feedify.

Technical Details

Initial Attack Vector
Compromise of third-party service provider / vendor relationship
Vendor / Product
Feedify
Supply Chain Attack
✅ Confirmed third-party / vendor compromise

Timeline

  1. 2018-09-01 Breach occurred
  2. 2018-09-16 Publicly disclosed