Latest in Gear

Image credit:

Macy's says its website leaked credit card info to hackers for a week

There's a chance sensitive info had been stolen for a full week.
Jon Fingas, @jonfingas
November 19, 2019
3 Shares
Share
Tweet
Share

Sponsored Links

Charles Sykes/AP Images for Macy's

The constant stream of card skimming hacks just claimed a particularly high-profile target. Macy's has warned customers that intruders slipped code (believed to be JavaScript) into two pages on its website on October 7th, letting them collect data from shoppers that included names, addresses and payment info. Macy's shut down the attack soon after discovering it on October 15th, but it's unclear just how many people were affected. The company told Bleeping Computer that a "small number" of people were victims, and that it had both implemented "additional security measures" and offered free credit monitoring.

The technique, known as Magecart, has grown in popularity among hackers for its mix of relative simplicity and effectiveness. They don't have to do much more than insert rogue scripts (pointed to remote command-and-control servers) and wait for people to go shopping. From there, they can use the info to make fraudulent purchases, make clone cards and sell the data on the black market.

Don't expect these kinds of attacks to subside any time soon. They've been used against numerous major brands, including British Airways, Newegg and Ticketmaster. Until online stores are airtight against techniques like Magecart, they'll be tempting targets.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
3 Shares
Share
Tweet
Share

Popular on Engadget

The 2020 Engadget Holiday Gift Guide

The 2020 Engadget Holiday Gift Guide

View
Joe Biden's presidential transition launches with BuildBackBetter.gov

Joe Biden's presidential transition launches with BuildBackBetter.gov

View
A copy of ‘Super Mario Bros. 3’ sold for $156,000

A copy of ‘Super Mario Bros. 3’ sold for $156,000

View
The Morning After: What you need for ray-tracing in 'Cyberpunk 2077'

The Morning After: What you need for ray-tracing in 'Cyberpunk 2077'

View
How to make sense of Logitech's universal remote lineup

How to make sense of Logitech's universal remote lineup

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr