Select Page

Online guitar tutoring website TrueFire has apparently suffered a ‘Magecart’ style data breach incident that may have potentially led to the exposure of its customers’ personal information and payment card information.

TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and 40,000 video lessons.

Though TrueFire hasn’t yet publicly disclosed or acknowledged the breach, The Hacker News learned about the incident after a few affected customers posted online details of a notification they received from the company last week.

The Hacker News also found a copy of the same ‘Notice Of Data Breach‘ uploaded recently to the website of Montana Department of Justice, specifically on a section where the government shares information on data breaches that also affect Montana residents.

Confirming the breach, the notification reveals that an attacker gained unauthorised access to the company’s web server somewhere around mid last year and stole payment information of customers that were entered into its website for over five months, between August 3, 2019, and January 14, 2020.

“While we do not store credit card information on our website, it appears that the unauthorised person gained access to the site and could have accessed the data of consumers who made payment card purchases while that data was being entered,” the breach notification says.

“We cannot state with certainty that your data was specifically accessed; however, you should know that the information that was potentially subject to unauthorised access includes your name, address, payment card account number, card expiration date, and security code,” the breach notification says.

images from Hacker News