Secplicity - Security Simplified

Powered by WatchGuard Technologies

What Macy’s Payment System Breach Means To You

November 27, 2019 By Trevor Collins

As reported by TechRadar, hackers related to MageCart compromised Macy’s online payment system early last month. MageCart is a loose group of hackers around the world that primarily compromises Magento payment systems. By inserting malicious code into Macy’s online payment page, they captured all the payment card information needed to compromise users' credit cards. The data they captured included first names, last names, addresses, cities, states, zip codes, payment card numbers, payment card security codes and the expiration dates of the cards. Additionally, the malicious script compromised phone numbers and email addresses from the victims' accounts.

Macy’s security team found the malicious code on their website on October 15. They promptly removed the code, but it had already been running for at least a week on the ‘Checkout’ and ‘My Wallet’ pages. Between October 7th and 15th, if a customer submitted any payment information on those pages, the malicious script captured the payment details and sent the data to MageCart’s remote server.

MageCart compromises payment pages through exploits in the web page or by interfering with the production pipeline that builds the website's code. In the past, they compromised the repository where the source code is stored and inserted their own code. If the web server updates its code automatically, the malicious code hosted in the repository is then applied to the website.

If you run a website that handles payment information, make sure you frequently audit all code updates to the site. The malicious code that these attackers use usually comes in the form of obfuscated JavaScript. On the other side, website users have little to go on unless they inspect the website’s code or the malicious script breaks the payment form. Users can also inspect DNS traffic for connections to malicious domains. WatchGuard customers with TotalSecurity are safe since DNSWatch does this automatically. This will help keep your data safe in cases where attackers use a domain name to host their malicious code.
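One way a site owner could automate the code audit described above, shown as an added example that is not part of the original article: compare each deployed script with the hash recorded at its last review and flag common obfuscation markers in anything that changed. The file paths, the marker list and the sample scripts are constructed assumptions.

```python
import hashlib
import re

# Heuristic markers often seen in obfuscated JavaScript (assumed list; tune per codebase).
OBFUSCATION_PATTERNS = {
    "eval": re.compile(r"\beval\s*\("),
    "atob": re.compile(r"\batob\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    "hex_escapes": re.compile(r"(?:\\x[0-9a-fA-F]{2}){4,}"),
    "hex_identifiers": re.compile(r"\b_0x[0-9a-fA-F]{3,}\b"),
}

def sha256_hex(source: str) -> str:
    return hashlib.sha256(source.encode("utf-8")).hexdigest()

def obfuscation_markers(source: str) -> list:
    """Return the names of the heuristic markers found in a script."""
    return sorted(n for n, rx in OBFUSCATION_PATTERNS.items() if rx.search(source))

def audit_scripts(baseline: dict, deployed: dict) -> list:
    """Compare deployed scripts (path -> source) with reviewed hashes (path -> sha256)."""
    findings = []
    for path, source in sorted(deployed.items()):
        digest = sha256_hex(source)
        if path not in baseline:
            status = "unreviewed-new-file"
        elif baseline[path] != digest:
            status = "changed-since-review"
        else:
            continue  # identical to the reviewed version
        findings.append({"path": path, "status": status, "sha256": digest,
                         "markers": obfuscation_markers(source)})
    for path in sorted(set(baseline) - set(deployed)):
        findings.append({"path": path, "status": "missing", "sha256": None, "markers": []})
    return findings

# Constructed sample data: one reviewed checkout script and a later deployment of the site.
REVIEWED = {"checkout/pay.js": "function submitPayment(f){return fetch('/api/pay',{method:'POST',body:new FormData(f)});}"}
BASELINE = {p: sha256_hex(s) for p, s in REVIEWED.items()}
DEPLOYED = {
    # Same file with an appended, harmless stand-in for an obfuscated addition.
    "checkout/pay.js": REVIEWED["checkout/pay.js"] + "\nvar _0x3fa1=['\\x66\\x6f\\x72\\x6d'];eval(atob('Y29uc29sZS5sb2coMSk='));",
    "wallet/cards.js": "function listCards(){return fetch('/api/cards');}",
}

if __name__ == "__main__":
    for finding in audit_scripts(BASELINE, DEPLOYED):
        print(finding)
```

A hash mismatch is the reliable signal here; the markers only help prioritise review, since legitimate minified code can trigger them and a careful attacker can avoid them.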

Filed Under: Editorial Articles
