The popular online guitar tutoring website TrueFire has suffered a ‘Magecart‘ style security breach that might have exposed customers’ personal information and payment card data.
TrueFire has over 1 million users, its customer could pay to receive guitar tutorial from a library of over 900 courses and 40,000 video lessons.
The news of the incident was reported by several websites and forums, such as Guitar.com and
“On January 10, 2020, TrueFire discovered that an
“While we do not store credit card information on our website, it appears that the unauthorized person gained access to the site and could have accessed the data of consumers who made payment card purchases while that data was being entered,” states the data breach notification.
The company did not disclose technical details of the hack, but experts speculate the attackers could have injected a software skimmer on the website to steal payment card information.
The security breach was spotted on January 10, the company quickly addressed the vulnerability exploited by the attacker to compromise the website.
Customers who made online payments on
“We cannot state with certainty that your data was specifically accessed; however, you should know that the information that was potentially subject to unauthorized access includes your name, address, payment card account number, card expiration date, and security code,”
Anyway any customer of the company should monitor their bank and payment card statements for any suspicious activity.
TrueFire is requesting users to change passwords for their accounts.