Online guitar tutoring website TrueFire has apparently suffered a ‘Magecart’ style data breach incident that may have potentially led to the exposure of its customers’ personal information and payment card information.
TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and 40,000 video lessons.
Though TrueFire hasn’t yet publicly disclosed or acknowledged the breach, The Hacker News learned about the incident after a few affected customers posted online details of a notification they received from the company last week.
The Hacker News also found a copy of the same ‘Notice Of Data Breach’ uploaded recently to the website of Montana Department of Justice, specifically on a section where the government shares information on data breaches that also affect Montana residents.
Confirming the breach, the notification reveals that an attacker gained unauthorized access to the company’s web server somewhere around mid last year and stole payment information of customers that were entered into its website for over five months, between August 3, 2019, and January 14,…