Softpedia >News >Security >Data Breaches
Softpedia Homepage   

Mohu Loses Credit Card Details for 2,500 Clients During Data Breach

The company offers free credit monitoring services for a year for all users affected in the data breach

Sep 8, 2015 22:10 GMT  ·  By
Mohu suffers data breach
   Mohu suffers data breach

Mohu, a US company that sells consumer electronics, has informed legal authorities of a data breach it suffered during the months of June and July.

According to a fax sent to the Office of the New Hampshire Attorney General, the company is reporting a data breach that took place during June 3 and July 28.

The breach was discovered by Mohu staff, and consisted of malicious code being injected into Mohu's website located at gomohu.com.

Mohu claims it removed the malicious code on the same day it was discovered, but this was not enough to prevent attackers from stealing the details of around 2,500 customers.

Credit card data was stolen

To make matters worse, not only personal data like names, addresses, emails, and phone numbers were stolen, but so were credit card details like the card number, expiration date, and CVV code.

These details are more than enough for an attacker to make fraudulent purchases with the data exfiltrated from the Mohu website database.

On August 10, Mohu started sending letters to all affected users, informing them of the data breach, and also presenting some precautionary steps they could take to protect their personal finances.

Besides information on how to review account statements and on how to request credit reports, the company also offered a free year of credit monitoring services for all affected users.

For some users, it was too little, too late

Despite this, SC Magazine reports on a Twitter user who had to cancel his credit card, after mysterious transactions appeared in his credit report, all originating from somewhere in Europe.

Following the normal procedure in this kind of incidents, Mohu also reported the data breach to the FBI, the US Secret Service, and all local law enforcement agencies.

Additionally, the company also hired the services of two security consulting firms.

Just last weekend we reported on a similar data breach regarding the ReverbNation website, after which all users that registered prior to May 2014 had to change their passwords. No credit card details were lost in that data breach, but unlike Mohu, it took ReverbNation over a year to inform its userbase.