Macy’s breach is a game-changing Magecart attack
The attackers customized the Magecart code for the Macy’s website to steal credit card information from the wallet and from new registrations.
The Magecart attack on Macy’s was so sophisticated that it was customized specifically to the store’s website and targeted not only checkout but also digital wallets, according to RiskIQ as reported by CSO.
Mike Bittner, Associate Director of Digital Security and Operations for The Media Trust, says, “While digital skimmers have been around for years, the customized use of skimmers in attacks that target large e-commerce businesses is more recent. But what remains the same is what bad actors exploit: website design and operations processes that pay insufficient attention to insecure or unauthorized third-party code. Bad actors know they can count on many site operators to leave open the same entry points either through bad configuration, poor security measures, or both. Until businesses take third-party code risks more seriously and continually monitor third-party code to keep out unauthorized activities, these attacks will continue simply because their success is almost guaranteed.”