Web skimmers have been found leaking customers credentials and credit cards on Claire’s and Icing websites
Clair’s – an American retailer of accessories, jewelry, toys, and other products aimed at teen and tween girls has been attacked by an infamous hacking group dubbed as MageCart. According to the security researchers from Sansec, the retail giant that has 3,469 stores in 37 countries and billions of buyers all across the globe has been hacked on April 20 by the mentioned persistent stealing group that has been leaking customer’s payment information from the official retailer’s website for nearly two months.
The subsidiary Icing web store has also experienced Magecart attack
The data has been skimmed for nearly two months. Having in mind that the previous two months have been announced a quarantine period in many countries all across the world resulting in a significant increase in online sales, the numbers of skimmed credentials can be outstanding.
According to the Sanguine Security’s Willem de Groot, the suspicious behavior has been noticed on March 20th, the next day after the closeup of the physical Clair’s stores. The unrecognized third-party registered a domain CLAIRES-ASSETS.COM. Four weeks later, the researchers found a malicious code added to the
app.min.js file, which is normally a legitimate file hosted on the servers of these stores.
Clair’s was quick to respond to the issue and took immediate action to remove the malicious code from its domains. The company’s spokesperson replied to the Sanguine security team:
Claire’s cares about protecting its customers’ data. On Friday, we identified an issue related to our e-commerce platform and took immediate action to investigate and address it. Our investigation identified the unauthorized insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process. We removed that code and have taken additional measures to reinforce the security of our platform.
ESET found a skimmer on several Intersport websites
The security firm ESET has confirmed yet another skimming attack by the MageCart scammers impacting some of the Intersport websites. This retailer is known as one of the biggest retailers providing sport-related products, clothes, and equipment.
The close analysis has revealed that only customers in 6 countries out of 40 are at risk of having exposed their credit card details and other PII while making the purchases. These countries are the following: Croatia, Serbia, Slovenia, Montenegro, and Bosnia and Herzegovina.
However, it’s a fact that scammers are forensic as they have predicted a huge increase in online shopping during the pandemic. This is why the malicious codes have been injected at the same time when countries have started announcing the quarantine one-by-one.
People who have been making purchases on the listed online stores during the period from March 20 until June 13 should take precautionary measures to prevent unauthorized transactions from the bank accounts.