Looking Back At Major Magecart Attacks Witnessed This Year

• Magecart card-skimming attacks have been in the news quite often this year.
• This attack involves the hacker injecting malicious code to harvest sensitive information from online payment forms.

Let’s look at the major Magecart attacks that were reported this year.

January 2019

Houseware manufacturing firm OXO International suffered a data breach that possibly exposed customer payment information. The breach reportedly spanned for a period of two years.

Adverline, a French Advertising company’s script was compromised to inject malicious code into the websites of the company’s clients.

April 2019

The online store of Atlanta Hawks fell victim to a Magecart attack that compromised the names, addresses, and credit card details of customers. An analysis showed suspicious code on the checkout page of the store.

May 2019

OpenCart sites were hit by the Magecart group to steal credit card information entered by users. This attack was observed to attempt to impersonate Bing’s search engine script on the checkout page.

July 2019

A Magecart campaign impacted almost 962 eCommerce stores in 24 hours. The harvested details include full credit card data, names, phone numbers, and addresses.

Over 17,000 websites were impacted due to a Magecart campaign that exploited vulnerable Amazon S3 buckets.

August 2019

The National Baseball Hall of Fame online store suffered a cyber attack by the Magecart group. The attack allowed attackers to steal data of customers who made online purchases between November 15, 2018, and May 14, 2019.

More than 80 eCommerce sites were discovered to be compromised by Magecart attackers. A number of these websites are large brands in the motorsports industry and luxury retail.

September 2019

Hotel chains across 14 countries were affected by Magecart card-skimming attacks. The malicious code injected by the attackers was observed to be designed to steal data from the hotel booking pages.

October 2019

Volusion, an eCommerce software provider was hit by the Magecart attack compromising over 6,500 stores. The attackers injected malicious code that steals payment card details from online forms.