TrueFire is one of the popular guitar tutoring websites with over 1 million users, where wanna-be-guitarists pay online to access a massive library of over 900 courses and 40,000 video lessons.
Though TrueFire hasn't yet publicly disclosed or acknowledged the breach, The Hacker News learned about the incident after a few affected customers posted online details of a notification they received from the company last week.
The Hacker News also found a copy of the same 'Notice Of Data Breach' uploaded recently to the website of Montana Department of Justice, specifically on a section where the government shares information on data breaches that also affect Montana residents.
Confirming the breach, the notification reveals that an attacker gained unauthorized access to the company's web server somewhere around mid last year and stole payment information of customers that were entered into its website for over five months, between August 3, 2019, and January 14, 2020.
"While we do not store credit card information on our website, it appears that the unauthorized person gained access to the site and could have accessed the data of consumers who made payment card purchases while that data was being entered," the breach notification says.
"We cannot state with certainty that your data was specifically accessed; however, you should know that the information that was potentially subject to unauthorized access includes your name, address, payment card account number, card expiration date, and security code," the breach notification says.
While the company didn't explain how the attackers managed to compromise its website or if they had injected a digital credit card skimmer on it, the scenario looks very similar to a Magecart style attack.
The company discovered this security incident on January 10 and claimed to have now patched the web vulnerability that allowed attackers to compromise its website in the first place.
Guitarists who made any online payment at the TrueFire website between last August and this January are advised to block the payment cards used on it and request a new one from their respective financial institution.
Other customers are also advised to be vigilant and keep a close eye on their bank and payment card statements for any unusual activity.
As a precaution, all users are also encouraged to change passwords for their TrueFire account and for any other online account where they use the same credentials.