
Casio UK E-Shop Hacked: Customer Credit Cards Stolen



Between January 14 and 24, 2025, hackers compromised Casio UK’s online store, deploying malicious scripts that intercepted customer credit card details and personal information.

Identified and reported by JSCrambler on January 28, the breach prompted a swift response to eliminate the malicious code within a day.

The exploit used known vulnerabilities in the Magento platform and affected Casio as well as 17 other e-commerce sites, which remain undisclosed while remediation efforts continue.

Technical Breakdown of the Attack

Hackers initiated their attack with a two-tier skimming operation: a basic skimmer embedded directly on the site served as the gateway for loading a more complex, second-stage skimmer hosted on a Russian server.

The advanced skimmer used custom encoding and XOR obfuscation to evade detection tools. Instead of being taken to the legitimate checkout process, unsuspecting customers were shown a bogus checkout form.

This form captured a wide variety of customer information like names, addresses, and credit card information, only activating when items were added to the cart but not when the ‘buy now’ option was used.

Upon submission, customers faced a fake error message before being rerouted to the actual Casio checkout page, oblivious to the theft of their data. The stolen information was then encrypted using AES-256-CBC encryption and sent to the attackers’ server.

Decrypted sample of exfiltrated payload (Source: JSCrambler)

Security Shortcomings & Previous Breaches

JSCrambler explained, “Casio UK had a Content Security Policy (CSP) in place, but it was set to report-only mode (Content-Security-Policy-Report-Only) and was not configured to report back any violations (no report-uri or report-to directives).” As a result, the violations were merely logged in the browser console instead of being blocked, and nobody at Casio was notified of them.
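As an added illustration (not part of the original article or of JSCrambler’s report), the following Python check flags the exact gap described above: a policy present only in Report-Only mode with no report-uri or report-to directive, alongside an enforced policy that does report. The header values are constructed for the example, not Casio’s real configuration; cdn.example.com and /csp-report are placeholders.

```python
from __future__ import annotations

ENFORCE = "content-security-policy"
REPORT_ONLY = "content-security-policy-report-only"


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a CSP header value into {directive: [source expressions]}."""
    policy: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_csp(headers: dict[str, str]) -> list[str]:
    """Return findings for a set of HTTP response headers (names matched case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    enforced = parse_csp(h[ENFORCE]) if ENFORCE in h else None
    report_only = parse_csp(h[REPORT_ONLY]) if REPORT_ONLY in h else None
    if enforced is None and report_only is None:
        return ["no CSP header: injected scripts load and exfiltrate unhindered"]
    findings: list[str] = []
    if enforced is None:
        findings.append("CSP is Report-Only: violations are logged in the browser, not blocked")
    for label, policy in (("enforced", enforced), ("report-only", report_only)):
        if policy is None:
            continue
        if "report-uri" not in policy and "report-to" not in policy:
            findings.append(f"{label} policy has no report-uri/report-to: violations never reach the site owner")
        # script-src falls back to default-src; an absent, wildcard or inline-permitting list is no control
        scripts = policy.get("script-src", policy.get("default-src", []))
        if not scripts or "*" in scripts or "'unsafe-inline'" in scripts:
            findings.append(f"{label} policy lets inline or any-origin scripts run")
    return findings


# Constructed headers, not Casio's actual configuration: the first mirrors the gap JSCrambler
# described (report-only, no reporting endpoint); the second is an enforced policy that reports.
WEAK_HEADERS = {"Content-Security-Policy-Report-Only": "default-src 'self'; script-src 'self'"}
HARDENED_HEADERS = {
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self' https://cdn.example.com; "
        "connect-src 'self'; form-action 'self'; report-uri /csp-report"
    )
}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(name, audit_csp(hdrs) or ["no findings"])
```

Run against the headers your storefront actually returns (e.g. from `curl -sI`), the weak set yields two findings and the hardened set none.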

Casio has been the victim of multiple cybersecurity incidents in recent times. A ransomware attack in October 2024 exposed the data of around 8,500 individuals. In the same month, another breach disclosed the personal data of users from its ClassPad education platform, affecting customers from 149 countries.

By Anas Hasan, February 4, 2025

Anas Hassan is a tech geek and cybersecurity enthusiast with vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.
