Macy’s, an American department store chain, stated that its customers have been hit by an attack that affected countless numbers of credit cards. The retailer stated that unknown intruders planted a card-stealing malware script on its payment site and collected customer details.
According to an official statement, the attackers installed a Magecart script on the checkout page of its website and siphoned off customers’ payment card details between October 7 and October 15, this year.
The compromised data included customers’ names, addresses, phone numbers, credit card numbers, card verification codes, and expiration dates.
“On October 15, 2019, we were alerted to a suspicious connection between macys.com and another website. Our security teams immediately began an investigation. Based on our investigation, we believe that on October 7, 2019, an unauthorized third-party added unauthorized computer code to two pages on macys.com,” Macy’s said in a statement.
“The unauthorized code was highly specific and only allowed the third-party to capture information submitted by customers on macys.com and the checkout page–if credit card data was entered and the “place order” button was hit; and the wallet page was accessed through My Account. Our teams successfully removed the unauthorized code on October 15, 2019,” the statement added.
Macy’s clarified that the attack only affected its webpage users and not the users who made purchases using its mobile application. Security experts opined that the attack appears to be a Magecart operation.
In Magecart attacks, hackers compromise a company’s online store website and hide malicious code in its pages. The malicious code then collects payment card information from users as they make purchases on the infected site. It’s said that hackers either sell the stolen card data on the darknet or use it to make fraudulent purchases.
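A check that can surface code added to a payment page, shown here as an added example that is not from Macy’s or the original article: it inventories the scripts on a page and flags script hosts outside an allowlist and inline scripts whose hash was never reviewed. The host names, the allowlist, the approved hash and the sample page are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy for a hypothetical shop: hosts allowed to serve scripts on
# payment pages, and SHA-256 digests of inline scripts that were reviewed.
ALLOWED_HOSTS = {"shop.example", "static.shop.example"}
APPROVED_INLINE = {hashlib.sha256(b"initCheckout();").hexdigest()}

class ScriptAudit(HTMLParser):
    """Collect findings about the <script> elements of one page."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = None  # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:
            self._inline = []  # inline script: buffer its body for hashing
            return
        host = urlparse(src).hostname  # None for relative (same-origin) URLs
        if host and host.lower() not in ALLOWED_HOSTS:
            self.findings.append(("unapproved-host", host.lower()))
    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            self._inline = None
            digest = hashlib.sha256(body.encode()).hexdigest()
            if body and digest not in APPROVED_INLINE:
                self.findings.append(("unreviewed-inline", digest[:12]))

def audit(html):
    """Return a list of (kind, detail) findings for one page's HTML."""
    parser = ScriptAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample page: two reviewed scripts and two unreviewed additions.
SAMPLE = """<html><body><form id="pay"></form>
<script>initCheckout();</script>
<script src="https://static.shop.example/cart.js"></script>
<script src="//cdn.unknown-host.example/a.js"></script>
<script>document.getElementById("pay").dataset.x = 1;</script>
</body></html>"""
```

Running `audit(SAMPLE)` on a schedule against the checkout and account pages, and alerting on any finding, shortens the window between code being added and someone noticing it.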
Recently, the FBI issued a warning for public and private enterprises in the United States about Magecart attacks, also called e-skimming or web skimming attacks, which are carried out by exploiting security flaws in open-source online stores.
The FBI stated that Magecart attacks have been active since 2016, but they increased in 2018 and 2019, with attackers using more diversified attack methods. The FBI also suggested security guidelines for businesses to protect themselves from cyber-attacks, which include: Update and patch all systems with the latest security software; Change default login credentials on a regular basis; and Educate employees about safe cyber practices.