Canada’s 1-800-FLOWERS Latest Victim of Credit Card Stealing Malware

It seems that a credit card stealing malware has been stealing user details off of Canada’s 1-800-FLOWERS website. The bug, which may be Magecart, might have been working silently in the background for a whole 4 years. Read on for the full story.

Canada’s 1-800-FLOWERS – The Full Story

Ontario Inc., the Canadian flower sale site operator, notified California’s Attorney General’s office about malware found on the site that stole the payment card information of the company’s customers.

While we don’t know much about the incident, we do know a few basic facts:

1. The digital forensics team investigating the hack say that exposure to the malware lasted from August 2014 to mid-September 2018.
2. The malware only affected the Canadian website. The main 1-800-FLOWERS site does not have the malware.
3. We don’t know how many users the malware affected. We do know that at least 500 Californians fell victim to this bug. Data protection legislation requires any company to notify the Attorney General’s office if at least 500 Californians were affected.
4. The Canadian website has already been redesigned. They added additional security measures to keep this problem from happening again.

It does seem, however, like there is a new trend of companies discovering breaches years later. Recently, Marriott International’s customers were also hit with the news that a bug from the year 2014 was still siphoning off information from their guest database.

What To Do if You’re a Customer

If you’re a customer of the Canadian flower service, you might be wondering what you should do next.

Sadly, seeing as the malware has been on the website for the past 4 years, there is really not a lot that you can do. However, we do suggest you:

1. Review your bank statements to see if there’s any suspicious activity on your card.
2. Notify your bank and discuss possible solutions, you may be able to change the card number associated with your account.

Worried about falling victim to credit card stealing malware in the future? There are a few options you can look into:

1. Check and see if your bank offers a dedicated e-card. Sometimes, banks will offer their clients specific cards that they can use online. These cards have limits on how much money you can spend online. This kind of card guarantees that your full bank account is safe as it separates your main account from what you can spend online.
2. Invest in Gift cards. Most e-commerce websites will let you pay for your item in gift cards. Try to go with this option whenever possible, as any information theft will not lead the hacker to your bank account.
3. Use 2 Factor Authentication for your online purchases. Talk to your bank to see if this option is available for you.

Canada’s 1-800-FLOWERS – Final Thoughts

There you have it, all the information we know about Canada’s 1-800-FLOWERS hack. What many experts and customers now want to know is why the bug went undetected for 4 whole years. It seems like e-commerce websites, despite working directly with online money transfers, need a new way to fend off Magecart. Hopefully, this will be the last we hear about long-exposure payment stealing malware this year.