Star letter
I was a victim of the recent Claire’s hack. Malware was loaded onto the Claire’s payment processing server and intercepted everything entered on the checkout page so, rather than steal saved details, it quietly harvested details of everyone at the point they made a purchase online. This malware was apparently active for several weeks.
To be fair to Claire’s, they notified me of this a couple of weeks ago. Today, I noticed several fraudulent transactions on the card. I was able to block most of them before they cleared my account. Thankfully, I used a credit card, meaning it was less inconvenient than losing access to my current account.
I regularly read PC Pro and, like probably all your readers, use a password manager, 2FA via an app where possible and have up-to-date virus protection. I choose not to set up accounts with online retailers nor save card details unless required. I didn’t set up an account or save card details with Claire’s. Despite this, my details were still stolen by a server-side attack at the point of purchase. I’d never come across this kind of attack before, and the data breach passed under my radar until Claire’s notified me directly.
I will now use a VPN at home for all online transactions. However, I don’t think even a VPN would have helped here because the attack was on Claire’s server itself, outside the VPN. In any case, I thought other PC Pro readers might be interested to know this risk exists, especially as we shop online more due to Covid-19.