Latest in Gear

Image credit:

Card skimming hack targets 201 campus stores in North America

The scale of the heist isn't yet clear.
Jon Fingas, @jonfingas
May 6, 2019
243 Shares
Share
Tweet
Share

Sponsored Links

The infamous Magecart card skimming hack has been used to make life miserable for college students. Trend Micro has discovered that a hacking group, currently nicknamed Mirrorthief, relied on the scripting technique to steal card data from 201 online campus stores across the US and Canada on April 14th. The team slipped its scripts into the checkout pages of the sites (all created by a common developer, PrismRBS) to harvest full card details, names, addresses and phone numbers. The number of people affected by the heist isn't yet clear.

The perpetrators appear to be unique among Magecart-using groups at this stage. They not only don't share much in common with other groups, they crafted their attack specifically with PrismRBS' software in mind. There might even be a custom receiver system instead of a ready-made skimming kit popular among cybercriminals.

PrismRBS said it had learned of the breach on April 26th and "immediately" reacted, including efforts to stop the attack, launch an investigation and contact customers as well as law enforcement and payment card providers. It's promising to bolster the security of its platform and conduct a "comprehensive end-to-end audit."

There are tools that can block the scripts and the internet domains used for remote data theft. The challenge, as is often the case, is getting companies to adopt. Even if their payment software is up to date, they might not be aware of the possibility for card skimming hacks or have security tools to thwart them. And when the attacks can be highly effective, there's plenty of incentive for crooks to find these soft targets.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
243 Shares
Share
Tweet
Share

Popular on Engadget

Google algorithm lets robots teach themselves to walk

Google algorithm lets robots teach themselves to walk

View
Spotify is testing real-time lyrics

Spotify is testing real-time lyrics

View
GM offers free, limited internet access in its connected cars

GM offers free, limited internet access in its connected cars

View
Paramount cancels movie's theatrical release in favor of Netflix

Paramount cancels movie's theatrical release in favor of Netflix

View
Sony's PS5 DualSense controller has a built-in mic and adaptive triggers

Sony's PS5 DualSense controller has a built-in mic and adaptive triggers

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr