Security News > 2022 > July > Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants

Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants.

"The online ordering platforms MenuDrive and Harbortouch were targeted by the same Magecart campaign, resulting in e-skimmer infections on 80 restaurants using MenuDrive and 74 using Harbortouch," cybersecurity firm Recorded Future revealed in a report.

Magecart actors have a history of infecting e-commerce websites with JavaScript skimmers to steal online shoppers' payment card data, billing information, and other personally identifiable information.

The idea is that by targeting online ordering platforms, it can lead to a scenario where when even a single platform is attacked, dozens or even hundreds of restaurants can have their transactions compromised, which enables "Cybercriminals to steal vast amounts of customer payment card data disproportionate to the number of systems they actually hack."

It serves to highlight how Magecart campaigns are now singling out small, local restaurants that rely on third-party software from lesser-known online ordering services in lieu of designing their own checkout web pages, effectively widening the pool of attack vectors.

"Centralized ordering platforms servicing multiple merchants offer a unique opportunity for Magecart threat actors to collect customer PII and payment card data," the researchers said.

News URL

https://thehackernews.com/2022/07/magecart-hacks-online-food-ordering.html