Skip to main content

Recent Breach Targeted MyPillow And Amerisleep Customer Data

By April 13, 2019May 19th, 2022Cybersecurity

If you’ve purchased bedding from either MyPillow or Amerisleep, your data may have been compromised. These companies are two popular mattress and bedding merchants operating in the US. This is according to a recent report coming to us from RiskIQ. The hacking group Magecart appears to be behind both breaches, which is bad news for both companies and their customers.

That is because Magecart is one of the most talented and active hacker groups on the scene today, having launched a number of successful attacks against high profile targets that have included Ticketmaster, Feedify, Shopper Approved, Newegg, and British Airways.

MyPillow entered into Magecart’s crosshairs in October 2018, when the group compromised MyPillow’s e-commerce and sales platform and began skimming credit card information submitted by the company’s customers. The group also registered a similar domain, and utilized ‘Let’s Encrypt’ to implement an SSL certificate.  Unsuspecting visitors to the site had no idea they were on a domain controlled by the hacking group.

According to RiskIQ researcher Yonathan Klijnsma, “…this type of domain registration typosquatting means that the attackers had already breached MyPillow and started setting up infrastructure in its name.”

Within a month’s time, the hacking group moved onto the second phase of its attack, registering a new website called, which mimicked the Live chat used by MyPillow.  With a poisoned script already running inside the company’s infrastructure, Magecart was able to mimic the genuine tag used by the live support service. This was so that by all outward appearances, customers believed they were chatting with an actual MyPillow employee.

The attack on AmeriSleep dates back a bit further to April 2017, but followed a similar pattern.  The skimmer remained in operation between April through October of 2017.  The company rid themselves of Magecart’s malicious software, only to come under attack again in December 2017.

In both cases, the skimmer domains have been taken offline, but both companies are still dealing with the malicious code injection issues. RiskIQ notes that given Magecart’s history, even when both companies clear their servers of malicious code, they’re likely to be re-infected in short order.  Watch your credit card statements if you’ve made a purchase from either company.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.