Press Releases

RiskIQ and Flashpoint Release Comprehensive Report on Magecart’s Assault on E-Commerce

Leading Cyber Risk and Intelligence Teams Profile the Criminal Underworld Behind Large-Scale Credit Card Breaches

SAN FRANCISCO and NEW YORK CITY – November 13, 2018RiskIQ, the global leader in digital risk management, today released a joint report with Flashpoint, the global leader in Business Risk Intelligence (BRI), analyzing Magecart, an umbrella term given to at least seven prolific cybercriminal groups placing digital credit card skimmers on thousands of compromised e-commerce sites.

The first-of-its-kind, in-depth report details seven individual Magecart groups with an analysis of their unique skimmer, tactics, and targets. The paper also analyzes the connection between this web-based activity and a thriving criminal underworld that enables these groups to operate. Readers will learn how Magecart groups monetize their campaigns via the sale and distribution of stolen cards on underground shops and a shadowy supply chain offering skimmer kits and compromised e-commerce sites-as-a-service.

The report also builds a timeline of the Magecart phenomenon from the inception of digital credit card skimming to Magecart's current all-out assault on e-commerce that claimed thousands of small and mid-sized online shops—and several giants—as victims.

“The Modus Operandi of the web-skimming Magecart groups has evolved significantly and has been ramping up over the past two years,” said Yonathan Klijsnma, Head Researcher at RiskIQ. “With the number of criminal groups operating these skimming campaigns, it's likely one of the biggest threats facing e-commerce right now.”

“The cybercriminal underground continues to provide a vibrant platform for buying and selling various credit card sniffer toolkits, as well as other critical criminal services meant to cash out the stolen cards,” said Vitali Kremez, Director of Research at Flashpoint. “As we explore these groups, it is important to keep in mind that the most profitable ventures—those that inflict the greatest damage on the e-commerce and financial industry—are run by experienced career criminals who have, over the years, developed extended networks of trusted criminal suppliers.”

The comprehensive report combines RiskIQ's global surface web visibility, which first exposed Magecart threat activity in 2016 and continues to track it, and Flashpoint's expertise in monitoring illicit communities, which ultimately reveals the commercial side of Magecart operations. This report provides powerful new intelligence that can help private and public sector organizations, including law enforcement, develop a more effective strategy to counter Magecart's growing threat.

RiskIQ, which detects internet-scale threats, is alerted to new Magecart breaches hourly, a clear indication that the group is extremely active and continues to be a critical threat to all organizations offering online payment facilities. With online sales predicted to rise 17-22 percent over the upcoming holiday season, Magecart’s criminal activities may intensify.

Download the full report here.

About RiskIQ

RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, security teams and CISO’s, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.

Visit or follow us on Twitter. Try RiskIQ Community Edition for free by visiting

About Flashpoint

Flashpoint delivers Business Risk Intelligence (BRI) to empower organizations worldwide with meaningful intelligence and information that combats threats and adversaries. The company’s sophisticated technology, advanced data collections, and human-powered analysis uniquely enables large enterprises and the public sector to bolster cybersecurity, confront fraud, detect insider threats and build insider threat programs, enhance physical security, improve executive protection, and address vendor risk and supply chain integrity. For more information, visit or follow us on Twitter at @FlashpointIntel.


© 2018 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are the property of their respective owners.

Holly Hitchcock
Front Lines Media for RiskIQ

Kevin Kosh
CHEN PR for Flashpoint
+1 617 645 5931