Fraudulent Charges Worry Warner Music Group Customers

NOTICE: If you reside in California, made an online purchase on a Warner Music Group e-commerce website between April 25, 2020 and August 5, 2020 and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.

Consumers are reporting fraudulent credit card activity that appears to be the result of a massive Warner Music Group (WMG) credit card hack that spanned over three months of online transactions involving multiple websites.

typing on laptop to access credit cardWhile the international music conglomerate publicly announced the data breach, it has not yet disclosed which of its ecommerce websites were compromised or how many consumers were affected. WMG continues to notify additional customers, according to current discussions on Reddit.

Cyber security experts say the e-skimming breach appears to be a Magecart attack.

Magecart is a malicious hacking group that targets online shopping cart systems, usually the Magento Marketplace system, to capture customer payment card details during ecommerce transactions. The Magecart malware taps into online shopping carts while they complete their purchase.

When the shopping cart purchase button is clicked, Magecart grabs an image of the transaction and sends it to the hacker's server. This approach is highly effective, because image file requests are less likely to be monitored by security systems.

The stolen confidential information is then sold on the dark web, often including security details, such as the card verification value (CVV) number on the back of your credit card.

Magecart has been active since 2016, and has become increasingly prolific as a lucrative source of revenue for hackers. For example, data stolen from an attack on another e-commerce platform in 2019 was valued at $133M on the dark web. 

Magecart was blamed for several recent payment card skimming scripts, including MyPillow.com and Claire’s.

According to a State of Security report by PCI Pal, over a fifth (21 percent) of US consumers say they will not return to a brand that has suffered a data breach, and 83% claim they would stop spending for several months after a breach or serious incident. RSA Security research found that 69 percent of global consumers are prepared to boycott any company they believe does not take data protection seriously.

If you reside in California, made an online purchase on a Warner Music Group e-commerce website between April 25, 2020 and August 5, 2020, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible developing legal options.