Multiple firms have reported that their customers were put at risk due to a breach from third-party services vendors [24]7.ai, which provides a chat widget used by the impacted sites.
Among the companies that have publicly reported that their customers may be have been impacted by the breach are Best Buy, Delta Airlines and Sears Holdings. Delta and Sears both revealed they were victims of the [24]7.ai breach on April 4, while Best Buy admitted to being a victim on April 5.
“[24]7.ai discovered and contained an incident that was potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified,” [24]7.ai wrote in a statement. “The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017.”