Customers at risk after card-skimming code found on site

A security breach at e-commerce site Sotheby’s Home last week has been linked to hackers exploiting the Magecart technique.

The company was made aware of the incident on October 10, when it discovered an “unknown third party” had inserted card-skimming code into the site.

Customers who entered information into the website’s checkout form may have had their details stolen, though Sotheby’s Home says it isn’t clear whether any data was taken at all.

A spokeswoman told The Daily Swig: “While our investigation is ongoing, we believe that the so-called ‘Magecart’ threat group, which has targeted a large number of ecommerce sites, and which is known to have previously targeted other companies whose websites use the same software Sotheby’s Home was using at the time, was responsible for the incident.

“Although it is not clear that any data was actually taken as a result of the breach, we have taken the most cautious approach of notifying all Sotheby’s Home customers who entered payment information on the website to explain the circumstances and provide resources, including complimentary credit monitoring services.”

Sotheby’s Home launched earlier this year, after the auctioneer bought and renamed online marketplace Viyet.

This latest incident is just another hack orchestrated by black hats leveraging the Magecart technique.

Last month, two separate groups using Magecart targeted the Umbro Brasil website.

Other websites to have been compromised by Magecart include Ticketmaster, British Airways, Newegg, and Vision Direct.

Magecart is an evolution of the now 18-year-old Cart32 shopping cart software backdoor and takes the form of malicious JavaScript injected onto a site’s payment page.

Once installed, the script collects all form data entered by a user – including their name, card details, and CVV number – and uploads it to a remote server under the attacker’s control.
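Because the skimmer described above arrives as an extra script on the payment page, one check a site owner can run is an audit of the checkout HTML against a list of expected scripts. The following is an added example, not code from the article or from Sotheby’s Home, and its regex tag matching is a simplification of real HTML parsing. The hostnames, the sample page and the function name `auditCheckoutScripts` are assumptions made for illustration.

```javascript
// Added example (not from the article): static audit of a checkout page's <script> tags.
// Hostnames, sample HTML and function names are constructed for illustration.
const ALLOWED_SCRIPT_ORIGINS = new Set([
  "https://shop.example",      // the shop itself (assumed)
  "https://payments.example",  // its payment provider (assumed)
]);
// Inline snippets the site owner has reviewed, compared after whitespace normalisation.
const APPROVED_INLINE = new Set(["window.cartId = 'abc';"]);
const normalise = (s) => s.replace(/\s+/g, " ").trim();
// Returns findings; an empty array means every script matched the policy.
function auditCheckoutScripts(html, pageUrl) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) {
      const code = normalise(body);
      if (code && !APPROVED_INLINE.has(code)) {
        findings.push({ type: "unapproved-inline", detail: code.slice(0, 60) });
      }
      continue;
    }
    let url;
    try {
      url = new URL(src[1], pageUrl); // resolves relative paths against the page
    } catch {
      findings.push({ type: "unparseable-src", detail: src[1] });
      continue;
    }
    if (!ALLOWED_SCRIPT_ORIGINS.has(url.origin)) {
      findings.push({ type: "unlisted-origin", detail: url.href });
    } else if (url.origin !== pageOrigin && !/\bintegrity\s*=/i.test(attrs)) {
      // Third-party script without Subresource Integrity: a changed file would load unnoticed.
      findings.push({ type: "missing-sri", detail: url.href });
    }
  }
  return findings;
}
// Constructed sample page: two expected scripts, one pinned SDK, three that should be flagged.
const SAMPLE_CHECKOUT = `
<script>window.cartId = 'abc';</script>
<script src="/static/app.js"></script>
<script src="https://payments.example/v3/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://payments.example/v3/extra.js"></script>
<script src="https://cdn-analytics.invalid/c.js"></script>
<script>/* constructed: inline code nobody reviewed */ init();</script>
`;
console.log(auditCheckoutScripts(SAMPLE_CHECKOUT, "https://shop.example/checkout"));
```

A static audit only sees scripts present in the served HTML; a Content-Security-Policy that restricts `script-src` is the usual complement for code added at runtime.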
