Bulletproof Coffee lacks bulletproof security: Nerd brain juice biz hacked, cards gulped

Buttered beverage second-nastiest thing on upstart's site

How Bulletproof Coffee markets itself on its website

The Silicon Valley-backed nutrition upstart specializing in butter-infused coffee says evil code injected into its website was covertly gulping customers' payment card details for months.

Bulletproof 360 Inc., purveyors of the fatty coffee touted as a wonder-treatment for mental clarity and weight loss, admitted that from May 20 to October 19 of this year – minus one day on October 14 – hackers slurped sensitive personal information hipsters entered when purchasing stuff online.

The sipped info included bank card numbers, expiration dates, and security codes (CVV), as well as names, postal addresses, and email addresses.

The blunder, discovered mid-October, was disclosed on Monday this week to California officials, as per the US state's security breach notification laws.

"In mid-October 2017, Bulletproof identified unauthorized computer code that had been added to the software that operates the checkout page at www.bulletproof.com," Bulletproof said in its mea culpa notification letter [PDF] to customers.

"When we discovered the unauthorized code, we immediately removed it and began an investigation. We have been working with leading computer security firms to examine our systems."

Bulletproof said it is "working diligently" to shore up its web systems after its security went to pot, and has vowed to prevent future similar attacks. A spokesperson was not available for comment to explain further.

As is usually the case with these sorts of cockups, Bulletproof is advising its caffeine addicts to keep a close eye on their bank statements for any unauthorized charges brewing. The outfit said it will cover any costs associated with reimbursing fraudulent charges.

The network security breach is particularly grinding for Bulletproof given its tech pedigree and the firm's particular appeal in Silicon Valley.

CEO Dave Asprey started the organization after stints at NetScaler, BlueCoat, and Trend Micro where he served as veep of cloud security. Bulletproof got into the public spotlight on the back of endorsements from VC and startup execs in the tech world. That the upstart not only lost credit card data, but did so due to a security lapse on its website, is a bad look, to say the least.


Biting the hand that feeds IT © 1998–2017
