The hack attack took place due to the classic Magecart attack in which “skimmers” are used to steal payment data.
Recently, Claire, a Jewelry, Accessories & Toys retail giant based in the US temporarily closed all of its physical stores numbering well above 3000, including that of a subsidiary named Icing. Done on March 2020 in response to COVID-19; it then shifted its focus to operating via online stores hosted on Salesforce Commerce Cloud.
However, according to a report by researchers from Sansec, this didn’t fare well resulting in the site being hacked due to the classic Magecart attack in which “skimmers” are used to steal payment data.
What happened
How this happened can be traced to the very next day of when the stores closed down – on the 21st of March 2020 when attackers registered a domain named anonymously using Namecheap.
See: How to check for websites hacked to run web skimming, magecart attack
Although no foul play was observed through this for about a month, later on, April 25, a malicious piece of code was finally injected to both Claire’s and Icing’s website designed to steal customer payment data during the checkout process.
The stolen data would then be sent to the attacker-controlled domain allowing them to have access to the information.
Snapshot of the app.min.js file to which th ..
Support the originator by clicking the read the rest link below.
