Latest in Gear

Image credit:

Macy's says its website leaked credit card info to hackers for a week

There's a chance sensitive info had been stolen for a full week.
Jon Fingas, @jonfingas
November 19, 2019
Share
Tweet
Share

Sponsored Links

Charles Sykes/AP Images for Macy's

The constant stream of card skimming hacks just claimed a particularly high-profile target. Macy's has warned customers that intruders slipped code (believed to be JavaScript) into two pages on its website on October 7th, letting them collect data from shoppers that included names, addresses and payment info. Macy's shut down the attack soon after discovering it on October 15th, but it's unclear just how many people were affected. The company told Bleeping Computer that a "small number" of people were victims, and that it had both implemented "additional security measures" and offered free credit monitoring.

The technique, known as Magecart, has grown in popularity among hackers for its mix of relative simplicity and effectiveness. They don't have to do much more than insert rogue scripts (pointed to remote command-and-control servers) and wait for people to go shopping. From there, they can use the info to make fraudulent purchases, make clone cards and sell the data on the black market.

Don't expect these kinds of attacks to subside any time soon. They've been used against numerous major brands, including British Airways, Newegg and Ticketmaster. Until online stores are airtight against techniques like Magecart, they'll be tempting targets.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Sony's PS5 DualSense controller has a built-in mic and adaptive triggers

Sony's PS5 DualSense controller has a built-in mic and adaptive triggers

View
See every square foot of asteroid Bennu, Earth's little frenemy

See every square foot of asteroid Bennu, Earth's little frenemy

View
Scientists visualize a black hole plasma jet in unprecedented detail

Scientists visualize a black hole plasma jet in unprecedented detail

View
Dell's XPS 15 and 17 leak with sleek new designs

Dell's XPS 15 and 17 leak with sleek new designs

View
GM offers free, limited internet access in its connected cars

GM offers free, limited internet access in its connected cars

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr