Hackers steal payment info from hundreds of online stores

Magecart online shopping hackers

If you’ve never been the victim of a data breach, consider yourself lucky. They’ve become an everyday part of online life, as they continue to grow in frequency and number of people affected.

While 2019 has seen its share of breaches so far, 2018 was definitely not a good year, either. Cambridge Analytica, the Marriott and others aside from last year, one of the popular methods was the Magecart attack where hackers would upload malicious code into checkout pages of various online sites to steal personal details and payment info.

Some high profile hacks involving Magecart last year impacted Ticketmaster and computer shopping giant Newegg. The most recent attack was a little more unique, and hackers just stole all kinds of data from more than 200 online stores.

Return of the Magecart attack

First, here’s a better idea of how Magecart works: hackers plant malicious JavaScript code into checkout pages of various sites, which then works in the background to steal personal info like your name, address, phone number and full payment card details. Once data is stolen it’s sold to other cybercriminals, the kind who love to commit identity theft and fraud.

That brings us to last month where just over 200 online college campus stores were hit by hackers using Magecart, according to a recent report by Trend Micro.

The report says a new hacking group they’re calling Mirrorthief placed malicious code into these sites that all had the same developer, a company called PrismRBS. PrismWeb is the e-commerce platform made by PrismRBS, and it appears hackers customized the attack around that specific platform.

PrismWeb is used by colleges and universities around the continent. It looks like the attack occurred from April 14 to April 26, 2019, affecting 176 stores in the U.S. and 21 in Canada.

What you need to know about the hack

Since being notified by Trend Micro, the company says it’s launched an investigation and are working to contact those affected. Below is the full statement it released through the report:

“On April 26, 2019, PrismRBS became aware that an unauthorized third-party obtained access to some of our customers’ e-commerce websites that PrismRBS hosts. Upon learning of this incident, we immediately took action to halt the current attack, initiated an investigation, engaged an external IT forensic firm to assist in our review, notified law enforcement and payment card companies. Our investigation is ongoing to determine the scope of the issue, including who and what information may have been impacted.”

For now, those details are fairly vague and it’s not yet known how many people were affected. If you shopped at one of the affected stores, look for any attempts the company has made to contact you. But don’t just wait for someone to reach out. Check the site you used for any mention of PrismWeb near the bottom of the homepage, then check with the specific store.

For this attack and any other similar breach, check your bank and credit card statements frequently for any unusual activity. If you find an anomaly, report it to your financial institution immediately. You might even consider a credit freeze in extreme cases.

You can also check to see if your email addresses or passwords have previously been compromised in any breaches at Have I Been Pwned. And of course, bookmark komando.com for all the latest news you need to know.

Magecart is here to stay for now, and it’s the go-to moneymaker for quite a few hacking groups. While it’s up to you to make sure you’re shopping at a reputable site, and make sure it’s encrypted by looking for https:// in the URL. It’s also up to online retailers, both big and small, to make sure they’re running the latest cybersecurity protection tools to prevent these kinds of intrusions into their systems.

Tags: computer, cybercriminals, cybersecurity, hackers