Security News > 2020 > January > Magecart Hits Parents and Students via Blue Bear Attack

Magecart Hits Parents and Students via Blue Bear Attack
2020-01-06 21:47

Blue Bear Software, an administration and e-commerce platform for K-12 schools and other educational institutions, is warning its customers that it has suffered a Magecart attack.

"This time, the attack targeted an educational accounting software platform that parents use to pay for student fees, books and school supplies," Elad Shapira, head of research at Panorays, said in an emailed statement.

"Online retailers like Blue Bear are prime targets for Magecart, because data is easily stolen during checkout, often through third parties, as customers enter their credit cards."

In this case, the card-skimmers were present on websites using Blue Bear from Oct. 1 to Nov. 13 and collected names, payment-card numbers, expiration dates and CVV codes, and Blue Bear user IDs and passwords.

Magecart's focus on attacking victims via the supply chain is part of a larger trend of attackers wanting to 'own' an entire system, including partners and suppliers.


News URL

https://threatpost.com/magecart-blue-bear-attack/151585/