
Macy’s suffers Data Breach in Magecart Attack


Macy’s has revealed that they have been affected by a data breach which was caused by Magecart card-skimming code being implanted in the firm’s online payment portal.

The company stated in a letter issued to customers that it was alerted to the security incident on October 15, and that the Macy’s team immediately found that a card-skimming script had been injected into two pages on the Macy’s website.

The code was believed to be injected on October 7, affecting the Macy’s checkout page and wallet page. The wallet page can be accessed through the “My Account” option.

The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers.

Macy’s removed the code instantly on being alerted to the issue, but customers who placed orders online or submitted financial details into their wallets are believed to have had their information stolen.

This data includes first and last names, physical addresses, ZIP codes, email addresses, payment card numbers, card security codes, and expiration dates.

The number of customers affected by the breach is not known at the moment. According to a Macy’s spokesperson, only a small number of customers were involved, and they would be offered consumer protection services for free.

He also added that they have contacted federal law enforcement and brought in a class-leading forensics firm to assist in their investigation. They have reported the relevant payment card numbers to the card brands and have taken measures to prevent this type of unauthorized code from being added to macys.com.

This type of attack is known as a Magecart attack, which is a term used to describe card-skimming malware implants on otherwise legitimate e-commerce domains.

Magecart attacks have been carried out against Ticketmaster, British Airways, Newegg, and numerous other websites.

These attacks are mainly carried out through a vulnerability in a website or its backend content management system (CMS). Once unauthorized access is gained, threat actors inject JavaScript code into a webpage that handles financial information and wait for consumers to submit their payment card details.

This data is then gathered and sent to a command-and-control (C2) server, from where it may be used to create cloned cards, used for fraudulent online purchases, or sold on underground forums.

According to an anonymous researcher investigating the Macy’s attack, a ClientSideErrorLog.js script was tampered with to host Magecart code.

When active Magecart campaigns are detected, malicious code has to be cleared and any vulnerabilities that made the code injection possible have to be resolved.
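One way to catch the kind of first-party script tampering described above is to hash every deployed script against a reviewed baseline and list any hosts a modified file newly references. This is an added example, not code from Macy’s or the article; the file paths, script bodies and the host `collector.example` are constructed for illustration.

```javascript
// Added example: compare deployed first-party scripts to a reviewed baseline.
const crypto = require('crypto');

// SRI-style digest (sha384, base64) of a script body.
function sri(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}

// Hostnames referenced by absolute or protocol-relative URLs in a script body.
function hostsIn(body) {
  const found = body.matchAll(/(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi);
  return [...new Set([...found].map(m => m[1].toLowerCase()))];
}

// Baseline manifest from a reviewed release: path -> { integrity, hosts }.
function buildBaseline(files) {
  const manifest = {};
  for (const [path, body] of Object.entries(files)) {
    manifest[path] = { integrity: sri(body), hosts: hostsIn(body) };
  }
  return manifest;
}

// Report scripts that are new, missing, or changed, and any hosts a change introduced.
function audit(baseline, deployed) {
  const findings = [];
  for (const [path, body] of Object.entries(deployed)) {
    const known = baseline[path];
    if (!known) {
      findings.push({ path, issue: 'unexpected-script', newHosts: hostsIn(body) });
    } else if (sri(body) !== known.integrity) {
      const newHosts = hostsIn(body).filter(h => !known.hosts.includes(h));
      findings.push({ path, issue: 'modified', newHosts });
    }
  }
  for (const path of Object.keys(baseline)) {
    if (!(path in deployed)) findings.push({ path, issue: 'missing', newHosts: [] });
  }
  return findings;
}

// Constructed sample data: paths, script bodies and the host name are illustrative.
const reviewed = {
  '/js/ClientSideErrorLog.js': 'window.onerror = function (m) { navigator.sendBeacon("/log", m); };',
  '/js/checkout.js': 'document.title = "Checkout";',
};
const tampered = reviewed['/js/ClientSideErrorLog.js'] + '\nvar u = "https://collector.example/c";';
const live = { ...reviewed, '/js/ClientSideErrorLog.js': tampered };
console.log(audit(buildBaseline(reviewed), live));
```

A finding of `modified` with a non-empty `newHosts` list on a page that handles payment data is the combination to triage first.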

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
