Latest in Gear

Image credit: Vasyl Dolmatov via Getty Images

Card skimming hack targets 201 campus stores in North America

The scale of the heist isn't yet clear.
243 Shares
Share
Tweet
Share
Save

Sponsored Links

Vasyl Dolmatov via Getty Images

The infamous Magecart card skimming hack has been used to make life miserable for college students. Trend Micro has discovered that a hacking group, currently nicknamed Mirrorthief, relied on the scripting technique to steal card data from 201 online campus stores across the US and Canada on April 14th. The team slipped its scripts into the checkout pages of the sites (all created by a common developer, PrismRBS) to harvest full card details, names, addresses and phone numbers. The number of people affected by the heist isn't yet clear.

The perpetrators appear to be unique among Magecart-using groups at this stage. They not only don't share much in common with other groups, they crafted their attack specifically with PrismRBS' software in mind. There might even be a custom receiver system instead of a ready-made skimming kit popular among cybercriminals.

PrismRBS said it had learned of the breach on April 26th and "immediately" reacted, including efforts to stop the attack, launch an investigation and contact customers as well as law enforcement and payment card providers. It's promising to bolster the security of its platform and conduct a "comprehensive end-to-end audit."

There are tools that can block the scripts and the internet domains used for remote data theft. The challenge, as is often the case, is getting companies to adopt. Even if their payment software is up to date, they might not be aware of the possibility for card skimming hacks or have security tools to thwart them. And when the attacks can be highly effective, there's plenty of incentive for crooks to find these soft targets.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
243 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
Dell's XPS 13 now comes with the latest Intel 10th-gen processors

Dell's XPS 13 now comes with the latest Intel 10th-gen processors

View
Microsoft won't release more Xbox exclusives on rival platforms

Microsoft won't release more Xbox exclusives on rival platforms

View
‘Need for Speed Heat’ isn’t anything like ‘Payback’

‘Need for Speed Heat’ isn’t anything like ‘Payback’

View
The Morning After: About that fourth 'Matrix' movie

The Morning After: About that fourth 'Matrix' movie

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr