Latest in Gear

Image credit: Charles Sykes/AP Images for Macy's

Macy's says its website leaked credit card info to hackers for a week

There's a chance sensitive info had been stolen for a full week.
448 Shares
Share
Tweet
Share
Save

Sponsored Links

Charles Sykes/AP Images for Macy's

The constant stream of card skimming hacks just claimed a particularly high-profile target. Macy's has warned customers that intruders slipped code (believed to be JavaScript) into two pages on its website on October 7th, letting them collect data from shoppers that included names, addresses and payment info. Macy's shut down the attack soon after discovering it on October 15th, but it's unclear just how many people were affected. The company told Bleeping Computer that a "small number" of people were victims, and that it had both implemented "additional security measures" and offered free credit monitoring.

The technique, known as Magecart, has grown in popularity among hackers for its mix of relative simplicity and effectiveness. They don't have to do much more than insert rogue scripts (pointed to remote command-and-control servers) and wait for people to go shopping. From there, they can use the info to make fraudulent purchases, make clone cards and sell the data on the black market.

Don't expect these kinds of attacks to subside any time soon. They've been used against numerous major brands, including British Airways, Newegg and Ticketmaster. Until online stores are airtight against techniques like Magecart, they'll be tempting targets.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
448 Shares
Share
Tweet
Share
Save

Popular on Engadget

Tesla will start charging $10 per month for 'Premium' in-car data

Tesla will start charging $10 per month for 'Premium' in-car data

View
'Fortnite' will premiere a 'Star Wars' scene with J.J. Abrams' help

'Fortnite' will premiere a 'Star Wars' scene with J.J. Abrams' help

View
Twitch streamer DrDisRespect is creating a TV show

Twitch streamer DrDisRespect is creating a TV show

View
Recommended Reading: A year later, the CRISPR babies are still a mystery

Recommended Reading: A year later, the CRISPR babies are still a mystery

View
Hitting the Books: How police tech reinforces America's racial segregation

Hitting the Books: How police tech reinforces America's racial segregation

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr