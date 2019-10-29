


Fashion Site Sixth June Leaking Card Data to Magecart Hackers

Apparel site Sixth June has become the latest brand to suffer a digital skimming attack on its website, according to a security researcher.

RapidSpike systems developer and researcher “Jenkins” took to Twitter yesterday to claim the firm had a live Magecart payment skimmer actively stealing customer card details.

“We reported the hack to their CEO last week but have not yet received a response,” he added, posting screenshots of the malicious JavaScript.

The Paris-based fashion retailer is said to have hundreds of thousands of social media followers, with its designs sold through ASOS, USC and other outlets.

The incident calls to mind an alert raised by another security researcher late last week. Willem de Groot from Sanguine Security claimed that Procter & Gamble’s First Aid Beauty brand had been infected with a payment skimmer since May 5.

This attack is more sophisticated than usual, with the malicious code not activating for non-US visitors, or if the user is running Linux, as many researchers do, he explained.

“I reported the breach to their executives and support team last week, but have yet to receive a reply,” de Groot tweeted last Friday. “FirstAidBeauty was bought last year for $250M. P&G decided to not integrate their new acquisition, which they may regret now.”

Yossi Naar, co-founder of Cybereason, said the Magecart incidents are a “stark reminder” that breaches will always happen.

“In an attempt to at least level the playing field, companies need to immediately pay more attention to post-breach detection and mitigation and assume they will be breached and start protecting their data accordingly,” he added. “A few simple steps include encrypting all data that is deemed sensitive, limiting employee access to networks and reducing large collections of data in widely accessible systems.”

Online brands would be well-advised to get a handle on Magecart: BA was famously fined £183 million for security failings which led to the skimming of card data on around 500,000 customers.
