Customer data leaked through third party chat application.
What does Delta Airlines, Sears, Kmart, and Best Buy have in common? If you said that they all used the same third party chat application called 7.Ai on their websites, you’d be right. If you said that they have all leaked private customer data through the aforementioned chat application, you’d also be right.
It has come to light today that a customer service software utilized by the above mentioned retailers and airline, was breached during a 15 day time frame in which the chat was infected with malware. Unfortunately, the malware did not only affect those that used the chat application, but was instead a point of entry to gain access to other information.
The period which lasted from September 26 to Oct 12, 2017 saw attackers gain access to customer payment details. Sears states less than 100,000 of their customers were affected, and did not include any store purchases or purchases made through the branded Sears credit card. Delta states only “a small subset” of their customers are affected and that no personal information outside of payment data was affected. Best Buy defined their own group of victims as “only a small fraction of our overall online customer population”.
There are potentially many more victims of this breach, from other 7.Ai customer accounts. Other listed customers of the company include American Express, AT&T, Citi, eBay, Farmers Insurance and Hilton, although American Express has already stated that they were not affected in the breach.