Breached online food ordering platforms have exposed hundreds of restaurants, according to researchers.
<p>Magecart attacks on food delivery services are extremely common and the COVID-19 pandemic has only made things worse as online traffic has surged to these sites – many of which saw 41% growth at the beginning of the pandemic as home-bound consumers dealt with their new reality. In this case, attackers targeted a vulnerable platform that was common to multiple food delivery services, making it easy for them to harvest payment card information and use it on other sites, or sell that card information to others on the Dark Web. </p> <p> </p> <p>Today, as much as 70% of the code used to build a website or web app can come from a third party. As such, it is critical that site and app owners understand the origin of their code to ensure it is secure. Additionally, they should look at tools that give constant visibility to the scripts that run on their site and look for changes in behavior – in this case, planting malicious code within scripts that sends payment card or PII information to an unapproved site – and take action to stop it. This is critical for both consumer trust and to avoid the fines and penalties associated with data breaches.</p>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics