A security breach at Ticketmaster, brought on by malicious code from a third-party software company called Inbenta that had been compromised by a group called Magecart, could affect many more retailers than originally thought, prompting concerns about a “wider, massive credit card skimming operation,” according to security firm RiskIQ, as published in ZDNet.
“The Magecart problem extends to e-commerce sites well beyond Ticketmaster, and we believe it’s cause for far greater concern,” according to a report from RiskIQ’s Yonathan Klijnsma and Jordan Herman. “We’ve identified over 800 victim websites from Magecart’s main campaigns making it likely bigger than any other credit card breach to date.”
The report identified Magecart as a “threat group” and accused it of using “scripts injected into websites to steal data that’s entered into online payment forms on e-commerce sites.” In this case, the target for Magecart actors was payment details entered into forms on Ticketmaster’s website.
Torras said the incident was confined to Ticketmaster, but RiskIQ said it affects more retailers than originally estimated, adding that code hosted by social analysis company SociaPlus had also been breached, with the code changed to skim the credit cards entered at the checkout.
RiskIQ said its own proprietary threat identification software found that four third-party code suppliers had been hacked by Magecart, with many still hit by malicious code. In total, the code is believed to be present on hundreds of sites, including more than 100 top retailers.
All of the code libraries, served on countless websites, were skimming data from those sites and sending it to a central Magecart-controlled server.
“Personally I don’t trust a single online store anymore,” report co-author Klijnsma said. “Every single one of them could have their supply chain of functionality suppliers compromised.”