Claire’s, Intersport Retail Websites Breached – Online Privacy Experts Comment

Hacker groups that engage in web skimming (also known as Magecart) attacks have breached the web stores of two of the world’s biggest retail chains — accessories store Claire’s and sporting goods retailer Intersport. According to reports published today by security firms Sanguine Security and ESET, hackers breached the two companies’ websites and hid malicious code that would record payment card details entered in checkout forms.

Expert Comments

June 16, 2020
Brent Johnson
CISO
Bluefin
There are several prevention techniques for Magecart attacks, and of course the attacks constantly evolve. Depending on the size and sophistication of a website, prevention can become very difficult. Deploying a File Integrity Monitoring (FIM) solution on the retailer’s website that detects changes to hosted content/files is a good place to start; however, that doesn’t help if the site relies on third party code for hosted features (such as chat windows, shopping carts, etc). If your site relies on code from a third party that’s been infected, the result is the same.
June 16, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
Data skimming attacks like these underscore the need for online shoppers to remain ever vigilant. I strongly recommend that all online shoppers pay close attention to their monthly statements, monitoring them for suspicious charges. Users should also set up alerts on their credit and debit cards when available, and invest in credit monitoring, which will alert you to skimming incidents like these, as well as more traditional data breaches.
June 16, 2020
Paul Bischoff
Privacy Advocate
Comparitech
Web skimming attacks like these are particularly effective because victims have no way of knowing that the store pages are infected. Unlike phishing attacks or malware targeting end users, card skimming attacks often can't be detected and leave no trace of evidence on the victim's device. From a customer's perspective, the checkout process looks and functions like it would if it were not infected. Only the website operator can remove Magecart malware. For the attacker, web skimming has the added benefit of ensuring that all of the stolen customer data is valid and up to date, which is often not the case with data breaches in which stolen information can be months or years old.