https://www.wired.com/story/magecart-amazon-cloud-hacks/
You may not recognize the name Magecart, but you've seen its impact. A set of sophisticated hacking groups, Magecart has been behind some of the bigger hacks of the past few years, from British Airways to Ticketmaster, all with the singular goal of stealing credit card numbers. Think of them as the ATM skimmers of the web. And thanks to poor security hygiene, they've managed to hit 17,000 domains in the past few months alone.
A new report from threat detection firm RiskIQ details how Magecart hackers have found a way to scan Amazon S3 buckets—cloud repositories that hold data and other backend necessities for sites and companies—for any that are misconfigured to allow anyone with an Amazon Web Services account to not just read their contents but write to them, implementing whatever changes they want. Like, say, inserting code that steals credit card numbers from ecommerce sites.
(Score: 0) by Anonymous Coward on Monday July 22 2019, @11:08PM
Real estate agents, body corporates, shops, businesses, everyone is so enamoured by The Cloud.
They are putting it all up there. Not realising that it is just making their data more accessible.
Idiots.