Warner Music Group Breach


In a continuing trend of targeting big-name conglomerates, Warner Music Group has issued a notification of a data breach following a prolonged skimming attack on a so far undisclosed number of e-commerce websites.

August 5th 2020 saw the label discover the cyber-attack by an unauthorised third party that had installed data-skimming malware to access information being entered by customers on the site. Warner’s e-commerce platforms utilize an external service provider throughout the US whilst being operated by the music label.

Among the personal data that was compromised in the attack included customer names, telephone numbers, billing/shipping addresses and email addresses to much more personal items like credit card numbers, expiration dates and CVV and CVC codes.

Although Paypal transactions were not compromised during the incident, it is stated that the cyber-criminal was able to access customer information via the websites for a period between April 25th to August 5th 2020. The cyber-criminal behind the acks has not yet been identified.

As Warner Bros were identified, they immediately informed affected customers of the severity of the breach advising them that personal information was obtained by the third party after placing items in the shopping cart. Warner promptly informed relevant credit card providers with swift information regarding the breach as well as law enforcement.

The company has not fully disclosed exactly how many customers have been affected by the incident but those that have been victim to the breach have been provided with 12 months free identity monitoring services by Warner Bros.

This is a particularly sensitive breach for Warner Bros after suffering a leak of over 3 TB of internal data relating to Vevo in 2017. The premium music video provider fell victim to a phishing scam which was highly public.

With digital skimming and Magecart attacks being a huge avenue for cyber-hackers due to their lucrative revenue source, larger targets are being sought by those looking to score big on payouts. The dark web has been known to provide payouts in the millions, such as one e-commerce platform’s data was valued at over 130 million dollars just last year alone.

For more information on cyber-attacks and how to protect data online, see upcoming Whitehall Media events.