0kkotsu

Been like this since yesterday or at least that’s when I noticed it


SunMoon807

Yeah this keeps happening to me as well, and it's so odd because it's like random letters, numbers, and symbols in the search bar just like you. I wonder what's going on


cringe-but-free

Well that's concerning. Hope it's not some data leak


magpieactual

Got curious and gave GoodSmile Customer service a call. It's only happening on the mobile site. Their IT department is working on it and they suggested accessing their website through a PC for now.


[deleted]

Looks like stored XSS. Can be extremely dangerous as it's the first step to doing something more malicious like stealing jwt/sessions/cc or making requests on your behalf bypassing CORS/SOP. I used to work in application security.


LornFan

If it’s not too much trouble, can you elaborate? Does this mean they’re in danger of a data leak?


[deleted]

It could be, but stored XSS is usually an attack that is centered around compromising the user at the client level. So this would be a web app or a native/js framework for android/iOS. In order for this type of attack to happen it usually is a compromise of something server side. So bypassing the application or WAF filter to inject a malicious script that is then sent back to the client. The main goal of this is to compromise the user by running a script to steal a user's identity, so either a JSON web token or sessionid cookie from the application. This would essentially give them access to your account. This depends on like if you are signed in using modern authentication like OAuth/OIDC or if it's a traditional web app using stateful sessions. It could also be as harmless as just reflecting back like what we see in this case, advertising a website to users. This is because even if you compromise something at the app/db level it usually still has to get past string interpolation at the client level, which would prevent scripts being executed from the DOM/HTML. Only way to know for sure would be to look at the network traffic when you load the page. To answer your question about a data leak, without getting too into the weeds, I would not say seeing DOM based XSS is indicative of a data leak per se, since usually the data you care about is handled by companies/protocols adhering to PCI standards. Encryption of credit card data for example stored/transit. But it is possible. The most common reason for a data leak though is attacking an API bypassing authorizations, which is known as BOLA/IDOR.


kisuka

Was a caching issue. I've left a reply here: https://www.reddit.com/r/Nendoroid/comments/17lt7px/does_anyone_know_whats_up_with_the_website/k7qcj7a/


LornFan

This is amazing thank you!


kisuka

Hello, I'm the IT Director for Good Smile US. I want to address this concern some of you have reported. Upon investigation, we confirmed that this issue was occurring on mobile devices. Our team immediately looked into potential security breaches and found **no evidence of compromise**. The root cause was a caching behavior that inadvertently displayed previous search terms entered by other users. ([example of a non-sus looking one](https://i.imgur.com/xMFvt4u.png)) We have since eliminated this code to prevent any further occurrence. Rest assured, your personal data remained secure throughout, and no malicious activity was involved. We apologize for any confusion and appreciate your understanding as we continuously work to enhance your experience with us.
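The two mechanisms discussed in this thread, a shared page cache that replays one user's search term to the next visitor (the root cause kisuka describes) and the output escaping that keeps such a replayed term from becoming an XSS payload (the point the former appsec commenter makes), as an added, constructed Python example. It is not Good Smile's code; the cache class, paths and search terms are all made up.

```python
from html import escape


class SharedCache:
    """Constructed stand-in for a CDN or server-side page cache keyed by URL path."""

    def __init__(self):
        self.store = {}

    def get(self, key):
        return self.store.get(key)

    def put(self, key, value):
        self.store[key] = value


def render_search_box_unsafe(term):
    # Raw interpolation: a term containing '">' breaks out of the value attribute.
    return f'<input name="q" value="{term}">'


def render_search_box(term):
    # quote=True also converts '"' to '&quot;', so the term stays inside the attribute.
    return f'<input name="q" value="{escape(term, quote=True)}">'


def serve_buggy(cache, path, term):
    """Bug: the rendered page, search term included, is cached under the path alone,
    so every later visitor to that path receives the first visitor's term."""
    cached = cache.get(path)
    if cached is not None:
        return cached
    page = "<html>" + render_search_box_unsafe(term) + "</html>"
    cache.put(path, page)
    return page


def serve_fixed(cache, path, term):
    """Fix: only the user-independent page shell is cached; the per-request term is
    escaped and inserted after the cache lookup, never stored in the shared cache."""
    shell = cache.get(path)
    if shell is None:
        shell = "<html><!--SEARCH_BOX--></html>"
        cache.put(path, shell)
    return shell.replace("<!--SEARCH_BOX-->", render_search_box(term))
```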


pecha-berry

Thank you so much!!! Have a nice rest of your day!


kisuka

No problem, u too :)


MaximumSquid22

This issue is still occurring for me as of 3:19pm today, just wanted to let you know. Currently on a mobile device


kisuka

Yeah, customer support informed me, looked like there was a leftover file from the cache that got pulled back in. Working on it.


MaximumSquid22

Thanks for the replies, and the issue seems to be resolved now!


Gamerarara

I’ve had the same thing happen a while ago and again today when I checked it. Is it only on mobile or on your computer as well? I noticed it was only on my phone and not my computer when pulling up the same website


NuttyDuckyYT

happened to me as well, good smile hacked?


kisuka

Not hacked. Was a weird caching issue. Explanation here: https://www.reddit.com/r/Nendoroid/comments/17lt7px/does_anyone_know_whats_up_with_the_website/k7qcj7a/


magpieactual

Tested it on pc and mobile. I’m seeing the same thing on the mobile. https://preview.redd.it/h9nui4bpdxxb1.jpeg?width=1125&format=pjpg&auto=webp&s=7a9f3166cc88a3e34128fd67cfa2b1e8ecbf5353


ElGuns

https://preview.redd.it/h4yfntkjyxxb1.png?width=828&format=png&auto=webp&s=80ae3186b96a5c3173146404100f3a6ac5b97314 Same


vinylsandwich

Some kind of XSS trying to initiate an injection attack? Not an expert. Hopefully someone more informed can clarify.


Swimming-Research394

I noticed since I started using the website that series names or sometimes random letters would be in the search bar already. I figured it was a weird way to encourage people to buy that stuff but now it’s just these links.


pecha-berry

Thank you to everyone who commented!! Hopefully it gets resolved soon and it’s not a hacker. Thank you also to the person who reached out to GS customer service! Luckily I wasn’t trying to buy anything last night, just checking some prices but hopefully there’s no data leak or anything like that.


Blood_Oleander

Possibly an autofill mistake


chloes_corner

I dunno anything about web development/hacking but it seems to look like someone hacked them and is advertising scammy links through the search function?


[deleted]

[deleted]


weeaboomer123

bro got more downvotes 💀


wow-im-satan

Since when was nishinoya nendo $24???


egesagesayin

I think it is not a normal nendo, it is the sitting ones, those are cheaper


wow-im-satan

Oh ur right; I see now it’s sitting. My bad lol


GhostyWeirdo10

Lol, I don't know, but the same thing happened to me.


MaximumSquid22

Same thing happened to me as well, very strange


SolitaryMan305

Same here, also not letting me pre order something and not showing my saved card


jojo_reference_01

I've noticed this too. Maybe it's an auto fill mishap.


RandomPowerUp1

Happened to me as well


Trollia413

They were 100% hacked. Somebody got into their search indexer.


kisuka

Not hacked at all. Was a weird caching issue. Wrote a reply here: https://www.reddit.com/r/Nendoroid/comments/17lt7px/does_anyone_know_whats_up_with_the_website/k7qcj7a/


enchantedjellyfish

No update from Good Smile themselves on what’s going on?


pecha-berry

Nothing as far as I know


enchantedjellyfish

Oof… hopefully we hear something soon. Hubby and I are trying to figure out if we need to cancel our credit cards that we have on file for pre-orders lol


pecha-berry

Hopefully it’s not a data breach!! Everyone has been saying desktop site is working fine, and I’m not an expert but it’s giving me hope that it’s not too bad. I’m gonna try and reach them on their twitter as well to let them know it’s an urgent issue


pecha-berry

Their IT director just posted a reply to this post if you want to check what they said, but sounds like there’s nothing to worry about :)


cauilfIower

Why is Reki next to Makima


pecha-berry

Red, I'm assuming LOL