Network security company Aite Group and Arxan Technologies researchers recently revealed that credit card information of more than 80 e-commerce sites has been stolen. The websites that were attacked were widely distributed and mostly high-end shopping sites. Attackers not only sell payment information in the online black market but also use these sites for money laundering activities.
“New research conducted by advisory firm Aite Group revealed that 100% of the eCommerce websites examined were not protected — making them easy prey for Magecart attacks. Even more startling is the fact that it took only 2.5 hours of research to uncover the 80 compromised sites.” reads the analysis published by the experts.
Researchers say there may be multiple hacker organizations that launched the attack. The affected websites mostly use the old version of the platform software with vulnerabilities, and the hackers use these vulnerabilities to insert a credit card information reading program on the target website. The program captures the user’s payment information in real-time and sends it to the hacker. Researchers suggest that e-commerce sites should update their platform software as soon as possible, take additional defenses, and perform security checks from time to time.
At present, researchers have begun to notify affected websites but did not disclose the specific list of websites.