Tuesday, 2019-05-21

admin.foxycart.com Phishing Attack Against Foxy Users

Starting the morning of Tuesday May 21, 2019, we became aware of a phishing attack against our users. The email asks users to login to a similar domain, with a login page that looks near identical to admin.foxycart.com. We will post updates here as they are available. At this point, it does look like some Foxy users were caught. We are emailing all users, and will be following up with impacted users directly.

Update 1pm PDT: We have notified all active Foxy users, and are continuing to research.

Update 5:53pm PDT: We are continuing to diagnose, and will update further if we have additional information.

Update 10:30am PDT, 2019-05-22: At this point, we believe the attack was performed using publicly available information. Domains known to use Foxy (found through search engines or other tools that analyze links and javascript includes) were found, then email address associated with those domains (from whois info, contact forms, etc.) were targeted. There is no indication of a breach of Foxy's userbase.