Sotheby’s Site Infected with Magecart for Over a Year

Sotheby’s has become the latest big-name brand to have its website infected with digital skimming code.

The venerable British auction house revealed on Friday that its New York-based e-commerce marketplace Sotheby’s Home, known formerly as Viyet, was affected.

According to the statement, the firm discovered and “promptly removed” on October 10 malicious code inserted onto the site by a malicious third party. However, it had been there since “at least” March 2017, meaning countless customers could have been affected over the 19 month-period.

In fact, it could be even longer. Sotheby’s admitted: “we cannot be certain as to when the website was first victimized by this attack.”

“The code was designed to target the data you entered into the payment information form on the Sotheby’s Home website,” it added. “This information would include your name, address, email address and payment card number, expiration date, and CVV code.”

The incident would seem to indicate that the group behind this scheme infected the site directly, in a similar way to skimming attacks on British Airways and Newegg sites, rather than via a third-party supplier, as happened to Ticketmaster.

Given that it has taken nearly two months for the auctioneer to come clean about the incident, it could be in trouble with European GDPR regulators if any EU citizens’ data has been swiped — although that’s unlikely given the site is designed for only US customers.

However, it could be too late for many of those affected. RiskIQ claimed recently that British Airways and Newegg customers’ credit card details went up for sale on the dark web little more than a week after they were skimmed from the respective sites.

Several groups are thought to be actively using the code around the world, with recent revelations that one is even attempting to sabotage the activities of another in order to maximize its profits.

What’s Hot on Infosecurity Magazine?