Expert Comments

Claire’s, Intersports Retail Websites Breached – Online Privacy Experts Comment

Expert(s): Security Experts
Expert(s): Security Experts

Hacker groups that engage in web skimming (also known as Magecart) attacks have breached the web stores of two of the world’s biggest retail chains — accessories store Claire’s and sporting goods retailer Intersport. According to reports published today by security firms Sanguine Security and ESET, hackers breached the two companies’ websites and hid malicious code that would record payment card details entered in checkout forms.

Experts Comments

June 16, 2020
Brent Johnson
CISO
Bluefin
There are several prevention techniques for Magecart attacks, and of course the attacks constantly evolve. Depending on the size and sophistication of a website, prevention can become very difficult. Deploying a File Integrity Monitoring (FIM) solution on the retailer’s website that detects changes to hosted content/files is a good place to start; however, that doesn’t help if the site relies on third party code for hosted features (such as chat windows, shopping carts, etc). If your site.....Read More
There are several prevention techniques for Magecart attacks, and of course the attacks constantly evolve. Depending on the size and sophistication of a website, prevention can become very difficult. Deploying a File Integrity Monitoring (FIM) solution on the retailer’s website that detects changes to hosted content/files is a good place to start; however, that doesn’t help if the site relies on third party code for hosted features (such as chat windows, shopping carts, etc). If your site relies on code from a third party that’s been infected, the result is the same.  Read Less
June 16, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
Data skimming attacks like these underscore the need for online shoppers to remain ever vigilant. I strongly recommend all online shoppers to pay close attention to their monthly statements, monitoring them for suspicious charges. Users should also set up alerts on their credit and debit cards when available, and invest in credit monitoring, which will alert you to skimming incidents like these, as well as more traditional data breaches.
June 16, 2020
Paul Bischoff
Privacy Advocate
Comparitech
Web skimming attacks like these are particularly effective because victims have no way of knowing that the store pages are infected. Unlike phishing attacks or malware targeting end users, card skimming attacks often can't be detected and leave no trace of evidence on the victim's device. From a customer's perspective, the checkout process looks and functions like it would if it were not infected. Only the website operator can remove Magecart malware. For the attacker, web skimming has the.....Read More
Web skimming attacks like these are particularly effective because victims have no way of knowing that the store pages are infected. Unlike phishing attacks or malware targeting end users, card skimming attacks often can't be detected and leave no trace of evidence on the victim's device. From a customer's perspective, the checkout process looks and functions like it would if it were not infected. Only the website operator can remove Magecart malware. For the attacker, web skimming has the added benefit of ensuring that all of the stolen customer data is valid and up to date, which is often not the case with data breaches in which stolen information can be months or years old.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Utah Imaging Data Breach – Expert Comments

Telecoms Security Bill – What’s Missing?

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts