The popular online guitar tutoring website TrueFire has suffered a ‘Magecart‘ style security breach that might have exposed customers’ personal information and payment card data.
TrueFire has over 1 million users, its customer could pay to receive guitar tutorial from a library of over 900 courses and 40,000 video lessons.
The news of the incident was reported by several websites and forums, such as Guitar.com and
“On January 10, 2020, TrueFire discovered that an
“While we do not store credit card information on our website, it appears that the unauthorized person gained access to the site and could have accessed the data of consumers who made payment card purchases while that data was being entered,” states the data breach notification.
The company did not disclose technical details of the hack, but experts speculate the attackers could have injected a software skimmer on the website to steal payment card information.
The security breach was spotted on January 10, the company quickly addressed the vulnerability exploited by the attacker to compromise the website.
Customers who made online payments on
“We cannot state with certainty that your data was specifically accessed; however, you should know that the information that was potentially subject to unauthorized access includes your name, address, payment card account number, card expiration date, and security code,”
Anyway any customer of the company should monitor their bank and payment card statements for any suspicious activity.
TrueFire is requesting users to change passwords for their accounts.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.