Originally reported by BleepingComputer, the American Payroll Association (APA) recently issued a breach notification for all members and customers after a web skimmer was planted on the organization’s website login and online store checkout pages. On July 23, 2020, the APA discovered a skimmer used to collect and exfiltrate personally identifiable information—the breach is believed to have started as early as May 13th. Based on a statement from the APA, the attackers gained access to login information (username & passwords) and individual payment card information. In some cases, attackers were also able to gain access to social media usernames.
As login information was exposed, Binary Defense recommends changing the passwords of any affected accounts. It is also a best practice to use a password manager to keep track of unique passwords to all accounts. Password managers typically have a feature to allow for the creation of randomly generated passwords of a set length, which can help reduce the impact of stolen credentials. Additionally, for credit card holders, Binary Defense recommends the use of a virtual credit card for online purchases, which allows credit cardholders to create temporary credit card numbers that can be used during purchases, adding another layer of security to online purchases.