Online Beauty Store Hit by Magecart Attack
An e-skimmer placed on the Procter & Gamble–owned First Aid Beauty site to steal payment card data went undetected for five months.
An online beauty store owned by Procter & Gamble was compromised by Magecart in May in a campaign that only ended today. First Aid Beauty, a site purchased by P&G earlier this year, went offline following notification of the attack from security researcher Willem de Groot.
First Aid Beauty used the Magento e-commerce platform, which patched 56 security vulnerabilities earlier in October. In the heavily obfuscated attack code, de Groot says, the criminals selected specifically for US customers and remained dormant when a user connected from a Linux system.
The malicious code captured included card number, expiration date, card owner name, and CVV code — everything required for a "card not present" credit card transaction.
For more, read here.
This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.
About the Author
You May Also Like