Around 4000 Websites Send Personnel Details To Hackers


Around 4000 websites have been attacked by the hackers and there personnel information is targeted by the malicious code that targets third-party elements such as live chat support widgets and analytics tools.

The malicious code can take all the information from all text fields from names to payment details entered on the compromised websites would be logged and sent to the hackers.

Hackers modified the JavaScript files to embed malicious code which enabled any information entered by visitors to get leaked to the hackers.

These attacks are called third-party/value-chain/supply-chain attacks where hackers enter the website using a third-party plugin. As per a report from Symantec, a cybersecurity firm, such attacks increased by 78 percent between 2017 and 2018, making cybersecurity a major concern for value-chain providers.

At the time of writing, 1,249 websites are live and still affected by the Picreel breach. 3,435 websites still have the code from the Alpaca breach. This hack is not like that time political party, BJP’s website got hacked. This breach can allow hackers to gather names, mobile numbers and bank account details along with browsing data. Thus, visitors surfing these websites are advised to exercise caution.