Feedify

Feedify, known also by its alias Feedify, is a customer engagement service whose headquarters are located in the United States of America. The company’s primary offering is a script that website operators embed into their e‑commerce platforms to provide customer interaction capabilities. Because the script is delivered as a third‑party component, it is loaded from Feedify’s servers each time a visitor accesses a page that includes the widget. This distribution model means that the same code is served to hundreds of distinct online retailers, giving Feedify a broad footprint across the digital commerce sector. Public reporting indicates that, at the time of the 2018 security incident, the Feedify script was present on nearly three hundred separate websites. The firm’s location in the United States situates it within a major hub for technology‑driven commerce solutions.

Feedify’s identity as a provider of external scripts sets it apart from businesses that deliver services directly to end‑users without intermediary code loading. The 2018 Magecart attack demonstrated how adversaries can compromise such third‑party scripts to insert payment‑card skimming functionality that runs on every site that loads the Feedify widget. After the initial malicious insertion, the attackers repeatedly modified the Feedify script, showing that they maintained ongoing access to the company’s backend infrastructure. In response, security researchers advised the affected merchants to temporarily disable the Feedify script until the breach could be fully eradicated and the code verified as clean. Although the compromised script was loaded on a large number of sites, many of those sites did not collect payment information during checkout, which reduced the overall risk to consumers. The episode highlighted a broader trend in which Magecart groups have shifted their focus toward targeting third‑party service providers in order to maximize the impact of their skimming campaigns across numerous online stores simultaneously.