‘Blick Art’ Discloses Skimming Incident that Compromised Customer Credit Cards

Published on September 17, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

If you’ve bought any supplies from the Blick Art website (dickblick.com) between March 11, 2020, and December 15, 2020, chances are that your credit card details are in the hands of Magecart actors. The company that operates the popular online shop has discovered that someone had planted a skimming code on the payment/checkout page. Skimmers are small and nasty snippets of code that can capture what customers enter on payment forms and exfiltrate it to actor-controlled infrastructure.

As the notice letters that are now sent to affected customers detail, the information that may have been compromised due to this incident includes the following:

Unfortunately, the above is all that is needed to make online purchases, so customers of 'Blick Art' are at risk of being burdened with fraudulent transactions. If you're one of them, you are advised to keep an eye on your bank account statements and report any transactions that you don’t recognize to your card issuer. 'Blick Art' says they already informed the affected banks with full details about which cards have been exfiltrated, so the affected accounts should either be already frozen, closed, or have a new payment card issued.

Finally, the company assures its customer base that this won’t happen again thanks to the enhanced security safeguards they have implemented now. Moreover, they will regularly monitor their website for similar intrusions and code injects, so even if Magecart actors knock at their door again, they shouldn’t have any way to remain unnoticed for a whopping 10-month period.

A similar incident from a smaller online shop of food supplements named ‘Metabolic Maintenance’ (metabolicmaintenance.com) was also disclosed through the circulation of notices of a data breach, defining the period of exposure between May 2020 and July 2021. In this case - names, addresses, and full payment card information have been compromised.

The owner of the website explains that it took them very long to figure out this compromise on their site because the skimming code that was deployed was designed to evade detection and thus required specialized analysis to identify and remove. For this, they contracted a forensic security firm that conducted an in-depth investigation, eventually locating and uprooting the malicious code. They then helped the site implement a state-of-the-art security system that includes a stronger firewall, activity logging, traffic monitoring.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: