Skimming attacks are on the rise. Just yesterday we reported about a new skimmer, called Pipka, which is capable of deleting itself from the HTML code of infected pages. Perhaps Pipka is going to be the next big skimming malware but the infamous MageCart is not going anywhere, either.
Macy’s Data Breach – What Happened?
It appears that MageCart operators successfully accessed the checkout and wallet page of Macy’s macys.com website, and stole the credit card data of Macy’s customers. The incident took place early last month, on October 7, and was discovered a week later, on October 15.
The company released a breach notification which explains that on October 15 they were alerted to a suspicious connection between macys.com and another website. The company’s security teams immediately initiated an investigation which revealed that an unauthorized third party added code to two pages on macys.com.
The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers on the following two (2) macys.com pages: (1) the checkout page – if credit card data was entered and “place order” button was hit; and (2) the wallet page – accessed through My Account, the company said.
The good news is that the bad code was successfully removed on October 15. Nonetheless, the fact that hackers were able to access names, addresses, email addresses and payment card data, remains.
The incident is another reminder that online stores should take special care to protect their websites from skimmers such as MageCart. MageCart is a well-known threat, which has compromised lots of businesses, and security measures should be implemented before an incident takes place, not after.
Furthermore, this is not the first breach of Macy’s. In July 2018, Macy’s published a Notice of Data Breach message giving details on the hijacking of their company’s customer data, which included names, addresses, phone numbers, birthdays, debit and credit card numbers and experitation dates.
As for the MageCart group, the hackers successfully compromised at least 277 e-commerce websites in January 2018 alone, which were infected in supply-chain attacks by inserting skimming code into a third-party JavaScript library. This technique loads the malicious code into all websites that utilize the library.
Both consumers and business owners should be aware of the risks of skimming, and should take the necessary steps to protect payment card data.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: