Stories
Slash Boxes
Comments

SoylentNews is people

A Card-Skimming Hacker Group Hit 17K Domains—and Counting

posted by chromas on Sunday July 21 2019, @11:23PM   Printer-friendly
from the someone-else's-computer dept.

FatPhil writes:

https://www.wired.com/story/magecart-amazon-cloud-hacks/

You may not recognize the name Magecart, but you've seen its impact. A set of sophisticated hacking groups, Magecart has been behind some of the bigger hacks of the past few years, from British Airways to Ticketmaster, all with the singular goal of stealing credit card numbers. Think of them as the ATM skimmers of the web. And thanks to poor security hygiene, they've managed to hit 17,000 domains in the past few months alone.

A new report from threat detection firm RiskIQ details how Magecart hackers have found a way to scan Amazon S3 buckets—cloud repositories that hold data and other backend necessities for sites and companies—for any that are misconfigured to allow anyone with an Amazon Web Services account to not just read their contents but write to them, implementing whatever changes they want. Like, say, inserting code that steals credit card numbers from ecommerce sites.

Original Submission

 
This discussion has been archived. No new comments can be posted.
A Card-Skimming Hacker Group Hit 17K Domains—and Counting | Log In/Create an Account | Top | 1 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Monday July 22 2019, @11:08PM

    by Anonymous Coward on Monday July 22 2019, @11:08PM (#870121)

    Real estate agents, body corporates, shops, businesses, everyone is so enamoured by The Cloud.
    They are putting it all up there. Not realising that it is just making their data more accessible.
    Idiots.