On Friday it was reported that Sotheby’s Home has become the latest casualty of Magecart. The auction house became aware of this intrusion on 10th October 2018 when an unknown third party gained access inserted malicious code. Following this news, Rusty Carter, VP of Product Management at Arxan Technologies commented below.
Rusty Carter, VP of Product Management at Arxan Technologies:
“The Sotheby’s breach is another in the long list of businesses falling victim to Magecart and web vulnerabilities that turn eCommerce sites into delivery mechanisms for data stealing JavaScript. Interestingly, Sotheby’s indicated that they noticed malicious activity on the same day as the site was re-launched as Sotheby’s Home.
The site was purchased in March, which shows that due diligence during acquisition did not catch the malicious code, nor was it caught anytime between the acquisition and launch in October.
The detected vulnerability may have, in Sotheby’s benefit, been the result of what has been reported as sabotage between factions of Magecart. Given the reporting is that they detected an unknown party on October 10 accessing and inserting malicious code, yet they also indicated that the malware was present at least as far back as March 2017. It is possible that the new breach initiated a careful audit that discovered the resident malware that was stealing data since early 2017.
Consumers continue to become the victims of theft due to web vulnerabilities, especially those running in the browser and go undetected by businesses for extensive periods of time. The long-lasting effects of theft against consumers is met with minimal corrections from many businesses and a lack of accountability.
With GDPR and other privacy and data protection regulations coming into effect, it is disappointing to see breach after breach affecting consumers and their private information, but it shows that the traditional security approaches are insufficient to properly protect consumers and their data. Businesses need to protect the applications that customers interact with, where they are most vulnerable (in the user’s machine / browser) and not just in the datacentre.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.