British Airways Breach Caused By the Same Group That Hit Ticketmaster (zdnet.com)
An anonymous reader shares a report: A cyber-criminal operation known as Magecart is believed to have been behind the recent card breach announced last week by British Airways. The operation has been active since 2015 when RiskIQ and ClearSky researchers spotted the malware for the first time. The group's regular mode of operation involves hacking into online stores and hiding JavaScript code that steals payment card information entered into store checkout pages, information such as credit card numbers, names, addresses, and whatever is collected via payment forms. The group has been very active in the past three years, being blamed for injecting card skimming scripts on thousands of sites, with the most recent trove of compromised sites being discovered two weeks ago. Of all its hacks, the most notorious incident was when the group compromised a third-party chat provider and used its infrastructure to drop malicious scripts on the Ticketmaster checkout page. [...] In a report published today, researchers at RiskIQ say they found clues linking the same Magecart operation to the British Airways breach. This breach was announced last week when British Airways said that an unidentified hacker compromised its systems and stole the card details of over 380,000 users.
Online card skimming (Score:3)
Would be a lot harder to achieve with cards that require a second out-of-band confirmation.
The attacker would still get everything that goes into the checkout form on the attacked website,
but they would lack what goes - e.g. - into the confirmation app on the smartphone.
Thus they couldn't use the data to make purchases on the users' behalf.
On the other hand, this data might be enough to do some social engineering (see customer services that ask for the last part of the card number as a form of identity proof).
Harder vs impossible (Score:2)
Because as we all know, phones can't be breached.
Notice how I said harder, not impossible.
Yes, phones can be breached, too. But that suddenly requires a little bit more effort (breaching a completely different device) than simply adding JavaScript that slurps the content of "buy / checkout" web forms on a compromised web site.
Before:
- "simply" compromise a single web site and slurp all the credit card info
1 single point to breach.
After:
- slurp all the credit card info from a single website
- break the 2 factor authentication (e.g.
What's Jenna Coleman up to? (Score:5, Funny)
Stupid Americans and their lazy regulatory government and lax corporations. We Brits have a tight reign on secur...
These attackers are motivated by opportunity (Score:4, Informative)
Hence while the actual crime was surely committed by them, BA left the barn door wide open for them to waltz in.