Last month Ticketmaster UK warned that some of its customers may have had their payment data stolen by cybercriminals. At the time Ticketmaster firmly put the blame with a third-party provider, Inbenta.
Inbenta consequently blamed Ticketmaster, while in April online bank Monzo warned all concerned that a breach was taking place.
Magecart works by using a form of virtual card skimming, scraping payment details during online transactions and then sending the details to the cybercriminals.
RiskIQ have been monitoring Magecart since 2015 and said the malicious code originally began by hacking retail stores directly. But it seems the actors behind it have developed the code to breach suppliers of widely used third-party components.
This, it seems is what happened with Ticketmaster UK and Inbenta. According to RiskIQ Inbenta was compromised with the Magecart skimming software. But they speculate that a Ticketmaster developer account had been breached that allowed the hackers to access Inbenta.
It also transpired that many others had been infected with Magecart.
While Ticketmaster received the publicity and attention we believe it’s cause for far greater concern. Magecart is bigger than any other credit card breach to date and isn’t stopping any day soon.
Magecart is an active threat that operates at a scale and breadth that rivals, or possibly surpasses the recent compromises of point-of-sale systems of retail giants such as Home Depot and Target.
The Magecart actors have been active since 2015 and have never retreated from their chosen criminal activity. Instead, they have continually refined their tactics to maximise the return on their efforts.- Yonathan Klijnsma: Research Officer, RiskIQ
Among those breached by Magecart includes PushAssist which provides web analytics similar to Google Analytics. They boast having tens of thousands of websites using its platform, which means any website performing payment processing through PushAssist is currently being breached by Magecart.
Another is the Content Management System (CMS) company Clarity Connect. It helps companies create an online presence with a website or web store, so again the scale could be unprecedented.
At present it is almost impossible to calculate the full extent of credit card details stolen through Magecart, the figure could be enormous given it has been operating since 2015.
And there is little clear idea as to how embedded Magecart is in online payment processes across the globe. Which for all of us who regularly shop online is extremely worrying.