December 8, 2019
Macy's Website Compromised by Magecart Card-Skimming Code

Macy’s is Warning Customers its Website Leaked Credit Card Information Out to Hackers for a Week

Retailer Macy’s is warning its customers of a security compromise, which left payment information open to hackers for a week…

Security threats are ever-present online. Now, hackers have claimed a very high-profile target — legacy retailer Macy’s.

The department store is warning customers that cyber intruders slipped malicious code into two web pages on October 7th, which allowed them to clandestinely collect shopper data. That information includes customers’ names, addresses, and payment information.

Macy’s explains it shut down the attack immediately after discovering it about a week later, on October 15th. At this time, it’s unknown how many people were affected by the week-long data breach.

The attackers used a technique called Magecart, which has been steadily growing in popularity among hackers. It’s a relatively simple and effective method: rogue scripts are inserted into a website, where they intercept customer data and send it off to a remote command-and-control server. The hackers can then easily make fraudulent purchases, manufacture cloned cards, and even sell the data on the dark web or black market.
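Because the technique depends on a script appearing on a page where it was never reviewed, a site owner can detect it by comparing the scripts a checkout page loads against a known-good baseline. The Python below is an added example, not code from the article or from Macy's; the URLs, page contents, and function names are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin

PAGE_URL = "https://shop.example/checkout"  # constructed, not a real site
# Constructed sample pages: the reviewed baseline and a later fetch of the same page.
BASELINE = ('<script src="/static/checkout.js"></script>'
            '<script>window.cart = {};</script>')
CURRENT = ('<script src="/static/checkout.js"></script>'
           '<script src="https://stats.invalid/c.js"></script>'
           '<script>window.cart = {}; loadExtra();</script>')

class ScriptInventory(HTMLParser):
    """Collect every script a page would run: external URLs and inline bodies."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.items = {}    # stable key -> human-readable description
        self._buf = None   # text chunks while inside an inline <script>
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            url = urljoin(self.page_url, src)  # resolves relative and // URLs
            self.items["src:" + url] = url
        elif tag == "script":
            self._buf = []
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:  # key inline code by hash so any edit shows up as new
                digest = hashlib.sha256(body.encode()).hexdigest()
                self.items["inline:" + digest] = body[:60]
            self._buf = None

def inventory(html, page_url):
    parser = ScriptInventory(page_url)
    parser.feed(html)
    parser.close()
    return parser.items

def unexpected_scripts(baseline_html, current_html, page_url):
    """Describe scripts on the page now that the reviewed baseline lacks."""
    known = inventory(baseline_html, page_url)
    current = inventory(current_html, page_url)
    return sorted(d for key, d in current.items() if key not in known)
```

Run on a schedule against the live payment pages, a non-empty result from `unexpected_scripts` is a signal to investigate before a change sits unnoticed for days.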

Macy’s tells Bleeping Computer it has since implemented more security measures on its site and will offer any known victims free credit monitoring. 

Owen E. Richason IV
