September 19, 2018 Another Victim of the Magecart Assault Emerges: Newegg RiskIQ conducted the research for this report in collaboration with Volexity, which will release a separate report of its own. From different perspectives, we will discuss the same incident, showing how we found and analyzed the latest instance of Magecart using our unique capabilities and datasets. While the dust is settling on the British Airways […]
September 11, 2018 Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims On September 6th, British Airways announced it had suffered a breach resulting in the theft of customer data. In interviews with the BBC, the company noted that around 380,000 customers could have been affected and that the stolen information included personal and payment information but not passport information. On its website, British Airways placed an […]
July 26, 2018 Uncovering Magecart With RiskIQ Data: How We Did It The Magecart project is the biggest thing I’ve worked on in my career in both the scope of the threat, the effects of the breaches, and, as a result, the media attention our work garnered. It wasn’t possible without RiskIQ data. Seeing words I wrote quoted on national news is a new experience for me […]
July 9, 2018 Inside and Beyond Ticketmaster: The Many Breaches of Magecart On June 27th, Ticketmaster, a ticket sales and distribution company, made public they had been compromised and that hackers stole customer information. However, we discovered that this was not a one-off event as initially reported, but part of a massive digital credit card-skimming campaign by the threat group Magecart affecting over 800 e-commerce sites around […]
July 12, 2017 Magecart Threat Actors are Reshipping Items Purchased with Stolen Cards via Mules in the U.S. Magecart is back, and the operation is more elaborate than we thought, involving physical shipping companies with mules operating in the United States. Credit card data is a hot commodity in the criminal underworld of the internet—stolen card data is readily available, and used to fund criminal enterprises of all kinds. But scammers, rippers, and […]
