Security News > 2020 > June > Claire’s Customers Targeted with Magecart Payment-Card Skimmer

Claire’s Customers Targeted with Magecart Payment-Card Skimmer
2020-06-15 15:36

A Magecart credit-card skimmer was used to attack online customers of the retailer Claire's for a month and a half, according to researchers.

"Following common Magecart malpractice, payment skimmers were injected and used to steal customer data and cards," according to Sansec.

Magento-based hacks are seen most often, but Magecart also attacks other platforms, including Opencart, BigCommerce, Prestashop and Salesforce.

Sansec also pointed out that it's unlikely that a vulnerability in the Salesforce platform itself was exploited, given that the skimmer was injected directly into code hosted on Claire's servers.

"Claire's cares about protecting its customers' data. On Friday, we identified an issue related to our e-commerce platform and took immediate action to investigate and address it. Our investigation identified the unauthorized insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process. We removed that code and have taken additional measures to reinforce the security of our platform."


News URL

https://threatpost.com/claires-customers-magecart-payment-card-skimmer/156552/