Hackers breach e-commerce websites operated by Warner Music Group

WMG hasn’t disclosed the number of websites compromised or how the hackers accessed such critical information.

The multinational entertainment and record label conglomerate Warner Music Group (WMG) has reported a cyberattack incident involving multiple e-commerce websites hosted and supported via an external service provider.

This particular instance may have allowed an ‘unauthorized third party’ to have accessed sensitive and confidential customer information including names, email addresses, contact numbers, billing and shipping address, and credit card details (number, expiration date, CVC/CVV codes).

The third-largest global music recording company has been an industry-leading force for more than four decades. However, on 5th August the conglomerate discovered that hackers had breached and compromised a number of their US-based e-commerce websites that were operated by them with support from an external service provider.

See: Tokopedia hacked – Login details of 91 million users sold on dark web

The threat actors were potentially able to acquire personal information from the affected websites between 25th April 2020 till 5th August 2020.


Any online transactions that could have occurred between the aforementioned timeline might have been breached and compromised. Not only this but accessing such personal information could more or less risk customers and expose them to fallacious transactions and frauds. If its any consolation, payment made using PayPal wasn’t affected by this unfortunate incident.

It is worth noting that the record label after discovering the breach immediately launched a forensic investigation with leading cybersecurity experts’ assistance. Other remedial measures in pursuits include informing credit card providers and law enforcement agencies.

Also, staunch protection and monitoring methods to enhance customer experience have been deployed through Kroll for a whole year free of cost. The latter is a global leader in risk mitigation and provides a response in cases wherein, confidential data has been exposed.

If you identify any potentially suspicious transactions or other indications of identity theft, you should contact the relevant bank or card provider as soon as possible, the company said in its breach notification.

However, WMG hasn’t disclosed the number of websites compromised or how the hackers connivingly accessed such critical financial and personal information. Withal, signs and fingers point to a ‘textbook definition of a Magecart attack.’

The threat actors involved in Magecart attacks usually insert malicious JavaScript code into e-commerce sites with the aim to steal sensitive credit card details from payment forms submitted at the checkout web page.

See: Attackers steal payment information through Google Analytics

Nonetheless, customers have been advised to monitor their payment and billing details with hawk eyes. Anything out of the blue should immediately be reported to the relevant bank or card service providers. Also, be wary of email correspondence received from WMG.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Related Posts