Shopper Approved
| Primary URL | Location | Industry | shopperapproved[.]com |
Country
United States of America
|
Technology
|
|---|
Profile
Shopper Approved operates as a provider of customer review widgets that are implemented as JavaScript snippets on client websites. The widget allows businesses to gather feedback from purchasers and display ratings and comments on product or service pages. It is designed to integrate with various e‑commerce platforms and content management systems without requiring extensive development work. The company’s headquarters is located in the United States of America. Its core offering centers on helping online merchants build trust through visible consumer testimonials.
The review widget is deployed across multiple client sites, meaning the same JavaScript file is loaded by numerous merchants who have incorporated the service into their storefronts. In September 2018, attackers compromised the legitimate JavaScript file used by the widget, injecting malicious code that could capture checkout form data. The malicious script was activated only when certain URL keywords were present, limiting its effect to a subset of checkout pages. Because most clients did not place the widget on payment pages, the breach affected only a small fraction of the overall traffic. The intrusion was discovered after researchers observed the attackers briefly exposing unobfuscated code, which revealed connections to a previous Magecart campaign.
Upon detection, Shopper Approved promptly removed the compromised script from its distribution servers and notified affected customers about the incident. The company’s response included a forensic review to ensure no further remnants of the skimmer remained in the widget’s codebase. The incident highlighted the firm’s focus on the security of third‑party scripts and its ability to act quickly when a supply‑chain threat is identified. While the breach was confined in scope, it underscored the risks associated with widely distributed JavaScript widgets. The event also contributed to broader industry awareness of Magecart tactics targeting service providers that supply code to many websites.
