What is Magecart?
Magecart is the collective term for a number of hacking groups that have appeared in recent years.
The hackers use a variety of tactics to exploit vulnerabilities and skim customer details – mainly usernames, passwords and credit card information.
A common attack method is a supply chain attack – where hackers target third-party service providers.
Many sites load third-party scripts for ads, live chat, analytics, etc. By compromising a popular tool, Magecart can gain access to all the sites that utilise it.
Using formjacking, hackers can then skim card details and other customer information and send it to a destination of their choosing.
Who has been affected by Magecart?
Magecart has recently been described as the “Number one threat in cyber security”. Thousands of sites have been compromised in 2019 alone, with a particular focus on ecommerce sites.
In addition to damage to reputation, large fines have been handed out for data breaches – most notably British Airways, who were fined £183 million for a Magecart hack that lasted just 5 days.
Some high-profile examples:
- Vision Direct
Attack lasted 5 days, 6600 customers affected.
- British Airways
Attack lasted 16 days, 380,000 customers affected.
Website was compromised for over 1 month.
40,000 customers were affected over 9 months.
- Discount Mugs
Website was hacked for over 4 months.
Customers were vulnerable for over 19 months.
Whilst your customers browse and purchase on your website, scripts are loaded from third parties.
If a third party is compromised, hackers then have a way to write scripts affecting your website.
Hackers can then intercept customer card details without you even noticing.
Magecart breaches can be difficult to identify, with many going weeks or months before detection. In some cases sites have been compromised repeatedly by the same vulnerability.
Magecart hacks share a common detail – whenever customer data is taken from a site it must be sent to a new location hosted by the hackers.
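That shared detail gives defenders something to check. The following is an added example, not code from the original page: it lists the hosts a checkout page sends requests to and flags any that fall outside an allowlist. The hostnames, the allowlist and the request records (a reduced HAR-style shape) are constructed assumptions.

```javascript
// Assumed allowlist of hosts the checkout page is expected to contact.
// "*.example-cdn.test" permits any subdomain of example-cdn.test.
const ALLOWED_HOSTS = ["shop.example.test", "pay.example-psp.test", "*.example-cdn.test"];

// True when host equals an entry or falls under a "*." wildcard entry.
function hostAllowed(host, allowlist) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  return allowlist.some((entry) => {
    const e = entry.toLowerCase();
    if (!e.startsWith("*.")) return h === e;
    const suffix = e.slice(1); // ".example-cdn.test"
    // The leading dot stops lookalikes such as "lookalike-example-cdn.test".
    return h.endsWith(suffix) && h.length > suffix.length;
  });
}

// Returns one finding per unexpected destination host, with the request
// count and whether any request carried data (a body or a query string).
function findUnexpectedDestinations(requests, allowlist) {
  const findings = new Map();
  for (const req of requests) {
    let url;
    try { url = new URL(req.url); } catch { continue; } // skip malformed entries
    if (url.protocol !== "http:" && url.protocol !== "https:") continue;
    if (hostAllowed(url.hostname, allowlist)) continue;
    const f = findings.get(url.hostname) ||
      { host: url.hostname, count: 0, carriesData: false };
    f.count += 1;
    f.carriesData = f.carriesData || req.bodySize > 0 || url.search.length > 1;
    findings.set(url.hostname, f);
  }
  return [...findings.values()];
}

// Constructed sample: requests observed while loading and submitting the
// checkout page, e.g. reduced from a browser HAR export.
const SAMPLE_REQUESTS = [
  { method: "GET", url: "https://shop.example.test/checkout", bodySize: 0 },
  { method: "GET", url: "https://static.example-cdn.test/chat.js", bodySize: 0 },
  { method: "POST", url: "https://pay.example-psp.test/charge", bodySize: 412 },
  { method: "POST", url: "https://lookalike-example-cdn.test/collect", bodySize: 388 },
  { method: "GET", url: "https://stats.unknown.test/p.gif?d=abc", bodySize: 0 },
];

console.log(findUnexpectedDestinations(SAMPLE_REQUESTS, ALLOWED_HOSTS));
```

The same allowlist can back a Content-Security-Policy `connect-src`, `img-src` and `form-action` policy so the browser blocks or reports these destinations itself.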