TrueFire Guitar tutoring website was hacked, financial data might have been exposed

The online guitar tutoring website TrueFire was compromised by hackers in a classic Magecart style attack that exposed customers’ payment card data.

The popular online guitar tutoring website TrueFire has suffered a ‘Magecart‘ style security breach that might have exposed customers’ personal information and payment card data.

TrueFire has over 1 million users, its customer could pay to receive guitar tutorial from a library of over 900 courses and 40,000 video lessons.

The news of the incident was reported by several websites and forums, such as Guitar.com and Jazzguitar.be, which are regularly visited by guitarists. The websites were informed by some affected TrueFire customers which shared details the data breach notification they received from the company.

“On January 10, 2020, TrueFire discovered that an unauthorised person gained access to our computer system and, more specifically, to information that consumers had entered through the website. While we do not store credit card information on our website, it appears that the unauthorized person gained access to the website and could have accessed the data of consumers who made payment card purchases while that data was being entered, between August 3, 2019 and January 14, 2020.” reads the Notice Of Data Breach. ” “We cannot state with certainty that your data was specifically accessed, however you should know that the information that was potentially subject to unauthorised access includes your name, address, payment card account number, card expiration date and security code.”

“While we do not store credit card information on our website, it appears that the unauthorized person gained access to the site and could have accessed the data of consumers who made payment card purchases while that data was being entered,” states the data breach notification.

The company did not disclose technical details of the hack, but experts speculate the attackers could have injected a software skimmer on the website to steal payment card information.

The security breach was spotted on January 10, the company quickly addressed the vulnerability exploited by the attacker to compromise the website.

Customers who made online payments on the TrueFire website between August 2019 and January 2020 could have been impacted and are recommended to block their payment cards.

“We cannot state with certainty that your data was specifically accessed; however, you should know that the information that was potentially subject to unauthorized access includes your name, address, payment card account number, card expiration date, and security code,”

Anyway any customer of the company should monitor their bank and payment card statements for any suspicious activity.

TrueFire is requesting users to change passwords for their accounts.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – TrueFire, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]