Music recording powerhouse Warner Music Group has disclosed a months-long web skimming security incident that involved some of the company’s online stores. Warner Music said hackers compromised a number of US based e-commerce between April 25 and August 5 hosted by external serviec provider.
Digital skimming and Magecart attacks continue to be a lucrative source of revenue for hackers as they continue to seek large targets for maximum payouts. For example, data stolen from an attack on another e-commerce platform in 2019 was valued at $133M on the dark web.
Third-party platforms, scripts and services are ideal targets for attackers because the techniques can be reused to steal data from multiple e-commerce sites. Only 8% of organizations have complete insight into this Shadow Code, which creates a major security blind spot. Hackers exploit this to carry out digital skimming attacks leading to client-side data breaches and compliance penalties.
Businesses must take control of Shadow Code in their web and mobile applications by following basic security best practices and by leveraging runtime behavioral analysis to detect and stop hidden code from compromising their user data. Consumers must also continue to be vigilant about their personal data and monitor their credit reports for signs of fraudulent activity.
Payment card-skimming malware continues to be a security challenge for retailers around the globe. British Airways, Newegg, and now Warner Music Group, have all been victims of Magecart’s malware, highlighting the need for security solutions which monitor for vulnerabilities and threats, across all devices and applications, in real time. With these capabilities, retailers can be proactive in detecting and thwarting breaches before they happen, ensuring that their customers’ sensitive information is protected.