Hacker steals sensitive data from ZAGG customers through third-party vendor breach.


Hackers steal ZAGG customers’ credit cards in third-party breach

After a breach of a third-party application offered through BigCommerce, unauthorized individuals gained access to confidential bank card information belonging to customers of ZAGG Inc.

ZAGG is a prominent manufacturer of consumer electronics accessories, renowned for its portfolio of products including phone cases, screen protectors, keyboards, and power banks. With a presence in Utah, the company boasts an impressive annual income of $600 million.

The breach of the FreshClicks app offered by BigCommerce allowed an attacker to inject malicious code, subsequently stealing sensitive customer payment information, including credit card details.

An unknown actor infiltrated the FreshClick app, inserting malicious code that targeted ZAGG.com buyers who entered bank card information during checkout from October 26 to November 7, 2024.

BigCommerce is a leading Austin-based SaaS e-commerce solutions provider, serving a diverse range of businesses, from small to large enterprises across multiple industries and geographies.

FreshClick is a cutting-edge, third-party application designed to simplify the process of crafting professional-looking, responsive websites on the BigCommerce e-commerce platform. The solution is intended to boost the efficiency of online retailers and elevate customer knowledge.

Although FreshClick wasn’t created directly by BigCommerce, it’s offered through the platform’s app marketplace, a carefully curated space where merchants can discover and install extensions for their stores.

In the press release issued to BleepingComputer, BigCommerce emphasized that its security measures were not breached or compromised. After discovering that the FreshClicks app had been compromised, BigCommerce promptly removed it from affected stores using its internal tools.

Upon examining internal mechanisms and collaborating with the accompanying entity, we confirmed that the external FreshClicks application had been compromised. Instantly removing an app from a merchant’s shop eliminates compromised APIs and malicious code, prioritizing customer trust.

As a result of the data breach, an unauthorized party compromised sensitive information on ZAGG’s website (zagg.com) between October 26 and November 7, 2024, including names, addresses, and credit card details belonging to customers.

Following the incident, ZAGG promptly implemented remedial measures, reported the matter to relevant federal regulatory bodies and authorities, and arranged for affected individuals to receive complimentary, one-year access to Experian’s credit score monitoring services.

Letter recipients are cautioned to closely monitor their financial accounts, consider setting up fraud alerts, and potentially implement a credit freeze as an added layer of protection.

The exact number of clients affected by ZAGG’s security breach remains undisclosed.

BigCommerce’s retailers feature six add-ons crafted by FreshClick, boasting a combined total of 178 reviews from satisfied customers. The compromised plugin was likely removed swiftly.
