A video game developer gave customers a $5.00 discount off their next purchase after discovering a data breach that affected two of its online stores.

Nippon Ichi Software, a Japanese developer and publisher of video games, claims in an email sent out to customers that it identified the breach on 26 February. The incident involved the addition of a "malicious process" to the checkout pages of two of its online stores, nisamerica and snkonlinestore. NIS believes the process had been active since at least 23 January.

The company explains in its email that the modification allowed attackers to skim unsuspecting customers' personal information when they completed an order using their credit cards outside of PayPal during the specified time period. As quoted by Nintendo Life:

After entering their billing, shipping, and payment information, the customer would be temporarily redirected to an offsite web page not owned or operated by NIS America, Inc. This malicious process would record the information provided by the customer during the checkout process, including credit card information, billing address, shipping address, and email address. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.

Cybersecurity Vulnerability Manager Kevin Beaumont heard that a writable AWS S3 bucket was behind the breach.

https://twitter.com/GossiTheDog/status/969002128948768768

At this time, NIS has not confirmed what issue caused the redirects.

In response to the breach, the company temporarily took down its affected online stores and resolved whatever was causing the malicious activity. It then announced it would be giving affected customers $5.00 off their next purchase to demonstrate its "commitment and appreciation of [its] customers as [it] begin[s] to regain [their] trust."

This move angered some customers. They claim it falls short of compensating them for the thousands of dollars in fraudulent credit card transactions that led to the cancellation of their payment cards.

https://twitter.com/CrazyCanuck84/status/969232981507354625

NIS has not indicated it will be offering identity theft protection services to affected customers other than those that users can already obtain for free through the U.S. government.

Hopefully, the company will come clean about what caused the redirects soon. In the meantime, companies should make sure they are taking adequate steps to secure their own AWS management configurations. Doing so can help them prevent an AWS S3 storage data security incident.
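
As one concrete way to act on that advice, the following added example (not code from NIS or from the original article) audits a bucket's ACL and bucket policy for the kind of public write access that a writable S3 bucket implies. The function names, bucket name, and sample documents are constructed for illustration; the input shapes are assumed to match what S3's GetBucketAcl and GetBucketPolicy calls return.

```python
import json
from fnmatch import fnmatchcase

GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUPS + "AllUsers", GROUPS + "AuthenticatedUsers"}
WRITE_GRANTS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
# Object-level actions that let a caller change what the bucket serves.
WRITE_ACTIONS = ("s3:putobject", "s3:putobjectacl", "s3:deleteobject")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def acl_findings(acl):
    """Flag ACL grants giving a public group write-level permission."""
    return [f"ACL: {g['Grantee']['URI'].rsplit('/', 1)[-1]} has {g['Permission']}"
            for g in acl.get("Grants", [])
            if g["Grantee"].get("URI") in PUBLIC_GROUPS
            and g["Permission"] in WRITE_GRANTS]

def _is_public(principal):
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def policy_findings(policy_json):
    """Flag Allow statements that let any principal write objects.
    Simplification: statements with a Condition are skipped, not evaluated."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if (stmt.get("Effect") != "Allow" or stmt.get("Condition")
                or not _is_public(stmt.get("Principal"))):
            continue
        hits = sorted({a for pat in _as_list(stmt.get("Action", []))
                       for a in WRITE_ACTIONS if fnmatchcase(a, pat.lower())})
        if hits:
            findings.append(f"Policy {stmt.get('Sid', '(no Sid)')}: public {', '.join(hits)}")
    return findings

# Constructed sample data shaped like GetBucketAcl / GetBucketPolicy output.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": GROUPS + "AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": GROUPS + "AllUsers"}, "Permission": "WRITE"}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "AnyoneCanUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-bucket/*"}]})
if __name__ == "__main__":
    print(acl_findings(SAMPLE_ACL) + policy_findings(SAMPLE_POLICY))
```

Any finding here means content served from the bucket, such as scripts loaded by a checkout page, could be replaced by someone outside the organization. Enabling S3 Block Public Access on the account is the broader control.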