Macy’s has disclosed a data breach – their web site was hacked with malicious scripts that steal customer’s payment information. In Magecart attacks, hackers compromise web sites to inject malicious JavaScript scripts into various sections of the web site. These scripts then steal payment information that is submitted by a customer.
The ‘Notice of Data Breach‘ issued by Macy’s said their web site was hacked on October 7th, 2019 and a malicious script was added to the ‘Checkout’ and ‘My Wallet’ pages. If any payment information was submitted on these pages while they were compromised, the credit card details and customer information was sent to a remote site under the attacker’s control.
Macy’s suffers online Magecart card-skimming attack, data breach https://t.co/eapfFMrlv9 by @SecurityCharlie
— ZDNET (@ZDNET) November 19, 2019
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
