As reported by Techradar, hackers related to MageCart compromised Macy’s online payment system early last month. MageCart consists of a loose group of hackers around the world that compromise primarily magneto payment systems. By inserting malicious code into Macy’s online payment page, they captured all payment card information needed to comprise user credit cards. They data they captured included first names, last names, addresses, cities, states, zip codes, payment card numbers, payment card security codes and the expiration date of the cards. Additionally, the malicious script compromised phone numbers and email addresses from the victim’s accounts.
Macy’s security team found the malicious code on their website on October 15. They promptly removed the code, but it had already been running for at least a week on the ‘Checkout’ and ‘My Wallet’ pages. Between October 7th and 15th, if a customer submitted any payment information on those pages, the malicious script compromised the payment details sending the data to MageCart’s remote server.
MagaCart compromises payment pages through exploits in the web page or interfering in the production line to produce the websites code. In the past, they compromised the code repository where the source code is stored and input their own code. If the web server updates its code automatically, the malicious code hosted in the repository would be applied to the website.