The 2023 iOttie Magecart Attack: A closer look

Share article
twitter linkedin medium facebook

New York-based car accessories company iOttie began selling aesthetically pleasing mobile phone mounts for vehicles back in 2010 when more and more people were using their smart devices for navigation. It has since risen to become one of America’s most popular brands in this sector, which may help to explain why its online store was recently hit by a Magecart web skimming attack, losing some of its customers’ sensitive data to cyber criminals.

The iOttie Magecart Attack

Magecart attacks are well-known and were first detected ‘in the wild’ in 2010. In the iOttie Magecart attack, threat actors injected malicious JavaScript code into the company’s checkout pages. They designed the code to steal customers’ details, including their names, credit and debit card numbers, financial account numbers, access and security codes, passwords, and personal identification numbers (PINs).

The iOttie Magecart Attack Timeline

The iOttie Magecart attack targeted its online store between April 12 and June 2 this year.

That’s quite a long time for malicious JavaScript code to be sitting there undetected, quietly harvesting valuable customer data. It was only removed when iOttie updated its WooCommerce merchant plugin on June 2, and since the company says that it detected the breach on June 13, this suggests that bringing the iOttie Magecart attack to an end was simply a stroke of luck!

Impact of the iOttie Magecart Attack

The breach leaked sensitive information including names, credit card data, and passwords so iOttie notified its customers to look out for any suspicious transactions on their credit card and bank statements.

The company revealed in a data breach notification that 241 customers were affected, which appears to be mercifully few under the circumstances. Still, any data breach can be enough to dent customer confidence, and it can also attract payment card industry penalties of between $5,000 and $100,000 per month according to the PCI Compliance Guide. Banks may also impose their own penalties, like raising transaction fees or even ending the relationship with a client.

If any customers affected by the iOttie Magecart attack live in the European Union, then the company may also face GDPR penalties.

Finally, there is also the prospect of any or all those 241 customers seeking compensation through the courts, which at the very least could generate more negative publicity about the brand as well as cost it financially.

iOttie hasn’t revealed any details about how the site was compromised but threat actors are believed to have exploited a vulnerability in a WordPress plugin. These kinds of flaws are being increasingly targeted by attackers.

Companies in iOttie’s position often face an uphill struggle to repair their reputation.  They will need to issue public statements, notify affected customers, and they may offer free credit monitoring or identity theft protection services as a goodwill gesture to reassure those affected.

There is also the question of how the code was injected, so iOttie may need to launch an internal investigation to rule out the possibility of an ‘inside job’.

Reflectiz Could Have Prevented the iOttie Magecart Attack

The iOttie Magecart attack could have been avoided if the company had been using the Reflectiz continuous monitoring solution. One problem with client-side attacks like Magecart is that they can often bypass traditional embedded security tools. But Reflectiz was designed to work remotely, so its unique sandbox solution would have detected any malicious changes to the WooCommerce plugin and immediately issued a high-priority alert.

With this level of unrestricted visibility, Reflectiz empowers security teams to shut down attacks on sensitive pages before any damage can be done.

It protects any data that customers type into forms at the checkout by keeping all third- and fourth-party scripts under constant monitoring, so you remain aware of when they’re accessing sensitive data, communicating with malicious domains, keylogging, or performing other dangerous behaviors. Other security solutions can sometimes give you alert fatigue, and they don’t help you to prioritize the right issues. So, Reflectiz focused on creating a user-friendly interface to front its powerful suite of tools, prioritizing the most severe alerts and making it easier for you to respond intelligently to the most harmful threats, first.


The iOttie Magecart attack serves as a reminder that it’s important to regularly update software and plug-ins, as only the latest versions will have the latest protections (which certainly seems to have been the case with the WooCommerce plug-in.) It also demonstrates the importance of having a comprehensive security solution like Reflectiz in place, looking after online shops.

After 13 years and counting, Magecart web skimming attacks are still as popular as ever among the cybercriminal community. Keep your business and your customers safe from them. Get in touch with the team at Reflectiz and experience its next-generation protection from sophisticated and evolving cyber threats today.

Subscribe to our newsletter

Stay updated with the latest news, articles, and insights from Reflectiz.

Your Website looks great!

But what’s happening behind the scenes?

Discover your website blind spots and vulnerabilities before it’s too late!

Try for free