The Magecart group targeted the tween accessories specialist starting the day after it shuttered its retail locations due to coronavirus.

A Magecart credit-card skimmer was used to attack online customers of the retailer Claire’s for a month and a half, according to researchers.

Claire’s – a purveyor of jewelry and accessories – closed its 3,000 physical retail locations worldwide on March 20, in the wake of the COVID-19 pandemic. An analysis from the Sansec Threat Research Team shows that a Magecart group saw an opportunity to harvest payment-card data in the closures – likely assuming that online sales activity would ramp up with no brick-and-mortar outlets available to shoppers.

“Following common Magecart malpractice, payment skimmers were injected and used to steal customer data and cards,” according to Sansec.

Magecart is an umbrella term encompassing several different threat groups who typically use the same modus operandi. They compromise websites typically by exploiting vulnerabilities or otherwise compromising in third-party eCommerce platforms, in order to inject card-skimming scripts on checkout pages. Magento-based hacks are seen most often, but Magecart also attacks other platforms, including Opencart, BigCommerce, Prestashop and Salesforce.

#breach #cloud security #web security #credit card skimmer #security