Just as the holiday shopping season is beginning to kick into gear, fashion retail giant Macy’s has disclosed its wallet and shopping cart pages of the company’s website have been compromised by hackers. Although it was tightlipped with details, sources say it was a MageCart-style attack.
On Tuesday, fashion retailing giant Macy’s has issued an advisory to customers that its website servers have been breached by hackers. The attack was initiated on October 7, and the company was notified about it on October 15.
Macy’s claims the attackers allegedly inserted an obfuscated script into the Checkout and My Wallet pages of the company’s shopping website and skimmed data as it was submitted.
“On October 15, 2019, we were alerted to a suspicious connection between macys.com and another website. Our security teams immediately began an investigation. Based on our investigation, we believe that on October 7, 2019, an unauthorized third party added unauthorized computer code to two (2) pages on [the Macy’s website].”
As to the data that was leaked, the company’s notice said hackers obtained full names and addresses. More importantly, the attackers also had access to payment card numbers, along with their associated security codes and expiration dates. However, the company does not believe the data will be used for identity theft… TechSpot