Over 80 compromised major e-commerce websites have been discovered. The websites are operating in the US, Canada, Europe, Latin America, and Asia and many of them are reputable brands in the motorsports industry and high-end fashion.
They have been compromised with payment card skimming malware and as a result, are sending the payment card information of online shoppers to servers controlled by hackers.
The attacks have been launched by Magecart cyber-criminals. Magecart is an umbrella term for seven cybercriminal groups that specialise in secretly implanting online card skimmers on compromised e-commerce websites.
Magecart has been responsible for some high-profile e-commerce site attacks including the British Airways website that affected over 380,000 users who used payment cards on the site between April 21 and July 28, 2018. Other high profile attacks included Ticketmaster and Newegg.
The Ticketmaster attacked impacted 40,000 UK customers who bought, or attempted to buy tickets between September 2017 and June 23, 2018. Figures for the Newegg attack were never released but given that at the time of the attack an estimated 50 million people a month visited the site, we can safely assume it was a huge number.
The researchers who discovered the 80 compromised e-commerce websites won’t make the names public though they have contacted the owners. Rather alarmingly, they discovered all 80 websites within two and a half hours of searching.
It’s a lot of compromised e-commerce websites in a short time but given that in 2018 over 300,000 e-commerce sites globally were attacked by Magecart groups, it makes sense and is clearly a part of a much wider pattern.
The attackers sell the stolen payment card data on dark web forums. They also use the card information to buy goods from legitimate online shopping sites and then ship them to merchandise mules who in turn launder the fraudulent transactions.
It’s easy to say we all need to protect our personal data but the scale of these attacks and payment card thefts illustrates just how important it is, how widespread these attacks are and how deep they go.
BullGuard Premium Protection
provides top identity protection, informing you immediately if your payment card data is up for sale on a hacker forum.