Researchers with RiskIQ say they have uncovered and helped resolve a credit card-skimming threat that targeted a third-party web app that manages customer reviews. The company attributes the threat to Magecart, a loosely associated set of hacking groups that exploit vulnerabilities in widely used third-party scripts. Magecart has been linked to similar payment data breaches with Ticketmaster UK, Newegg, British Airways and others. But Yonathan Klijnsma, head researcher at RiskIQ, explained to CyberScoop that Magecart is more of an umbrella term to describe the independent groups that exchange and imitate other groups’ procedures. In this case, RiskIQ says that a tool made by e-commerce software company Shopper Approved was compromised by Magecart threat actors, giving them the ability to skim payment information from the checkout pages of “a few hundred” online stores using the tool. RiskIQ labels this Magecart group “Group 5” and says it’s the same one that targeted Ticketmaster. The tool […]
The post Magecart group compromises customer ratings tool, affecting ‘hundreds’ of online stores appeared first on Cyberscoop.
Continue reading Magecart group compromises customer ratings tool, affecting ‘hundreds’ of online stores→