The school financial services supplier Wisepay discovered a Magecart skimmer on its website earlier in October that was leaking credit card numbers.
Wisepay is a school payment platform through which parents can pay for school meals, trips, club activities, etc. Earlier in October this year, the company detected a Magecart skimmer on its website leaking credit card numbers.
According to BBC, it is suspected that payments to nearly 300 UK schools must have been affected by the cyberattack on 2 Oct. The attacker was able to obtain payment details through a fake page until 5 Oct.
See: Lazarus hackers use Magecart attack to steal card data from EU, US sites
The firm revealed that data from an undisclosed number of transactions may be stolen. The users may have thought that they were making legit payments, but in reality, their payments were redirected to a malicious external page designed as a genuine Wisepay page.
This is what happens in a Magecart hack where attackers don’t break into databases for stealing the information but take over the live payment page.
According to Richard Grazier, Wisepay’s managing director, a backdoor in its database is responsible for compromising its website. Grazier also confirmed to BBC that a small subset of its users might have noticed it because the attack occurred on Friday night and was discovered on Monday morning.
During the weekend, fewer payments would have been pro ..
Support the originator by clicking the read the rest link below.
