
Image credit: Charles Sykes/AP Images for Macy's

Macy's says its website leaked credit card info to hackers for a week

There's a chance sensitive info had been stolen for a full week.

The constant stream of card skimming hacks just claimed a particularly high-profile target. Macy's has warned customers that intruders slipped code (believed to be JavaScript) into two pages on its website on October 7th, letting them collect data from shoppers that included names, addresses and payment info. Macy's shut down the attack soon after discovering it on October 15th, but it's unclear just how many people were affected. The company told Bleeping Computer that a "small number" of people were victims, and that it had both implemented "additional security measures" and offered free credit monitoring.

The technique, known as Magecart, has grown in popularity among hackers for its mix of relative simplicity and effectiveness. They don't have to do much more than insert rogue scripts (pointed to remote command-and-control servers) and wait for people to go shopping. From there, they can use the info to make fraudulent purchases, make clone cards and sell the data on the black market.

Don't expect these kinds of attacks to subside any time soon. They've been used against numerous major brands, including British Airways, Newegg and Ticketmaster. Until online stores are airtight against techniques like Magecart, they'll be tempting targets.
