Security News > 2022 > July > 50k credit cards stolen from 300 U.S. restaurants using skimmers
Payment card details from customers of more than 300 restaurants have been stolen in two web-skimming campaigns targeting three online ordering platforms.
Recently, Recorded Future's threat detection tools identified two Magecart campaigns injecting malicious code into the online ordering portals of MenuDrive, Harbortouch, and InTouchPOS. As a result, 50,000 payment cards were stolen and have already been offered for sale on various marketplaces on the dark web.
The first campaign started on January 18, 2022 and it hit 80 restaurants using MenuDrive and and 74 that used the Harbortouch platform.
Most of these restaurants were small local establishments across the U.S. using the platform as a cost-effective alternative to outsource the online ordering process.
In this case, the skimmer doesn't steal the details from the site but instead overlays a fake payment form on valid targets that are ready for the checkout process using a credit card.
In the case of MenuDrive and Harbortouch, removing the skimmers requires scanning all restaurant subdomains.