Hackers Hit 6,000 Sites On Active 18-Month Carding Spree (theregister.co.uk)
mask.of.sanity writes from a report via The Register: Hackers have installed skimming scripts on more than 6,000 online stores and are adding 85 each day in a wide-scale active operation that may have compromised hundreds of thousands of credit cards. The malware is infecting stores (full list) running vulnerable versions of the Magento ecommerce platform, and also compromised the U.S. National Republican Senatorial Committee store. "Given that there are [about] 5,900 other skimmed stores, and the malpractice has been going on since at least May last year, I would expect the number of stolen cards in the hundreds of thousands," said Dutch developer Willem de Groot. You can read his blog post to learn more.
Re: (Score:2)
"few decades" is a bit of a stretch. "15 - 20 years" is much more reasonable.
Dead Link (Score:2)
Your link at: https://gist.github.com/gwille... [github.com] is dead. Please ensure that this is correct.
Thank you.
Re: (Score:1)
Yep. Although at least the second link seems to have been captured by the wayback machine:
http://web.archive.org/web/20161014133252/https://gitlab.com/gwillem/public-snippets/snippets/28813
Re: (Score:2)
14kgoldteeth.com
WTF?
Re: (Score:1)
GitHub censored [gitlab.io] his research and advisories, and deleted the posts. He has moved to GitLab [gitlab.com], which most people should be doing anyway given GitHub's cultural issues.
Re: (Score:1)
Is that the place where the SJWs threw a fit over a sign that said "meritocracy"?
Yes, and where SJWs tried to force a "Code of Conduct" onto developers, and where SJWs have appeared in droves pulling stunts like trying to get contributors removed [github.com] for their personal beliefs that have nothing to do with their project, and throwing victim tantrums [archive.is] because their pull requests weren't accepted. The site and its employees encourage this garbage.
Re: (Score:2)
http://www.noagendashow.com [noagendashow.com]
Everyone who deployed Magento instead of hiring me (Score:1)
Told you so. Idiots. Who's untrustworthy now?
They missed thousands of stores! (Score:2)
There are at least 3,500 other skimmed stores. That's right, there are over 9000! ;)
Card number disclosure (Score:3)
Re: (Score:1)
Why do the stores have to see the card numbers? Each time I purchase online, the store redirects me to a payment site tied to its bank.
Well, they took entire control of the websites, so it wouldn't have changed anything.
They could redirect you to a phishing website looking like an existing bank with a similar URL, and they could process the legitimate payment at the same time (and if they don't for some reason, they can still easily move your order forward as if the legitimate payment got through, and get away with it until the store notices they aren't actually receiving money on their account anymore... I suppose most small stores don't c
Re: (Score:2)
Many, many sites don't, and this doesn't grab your card details server-side, it serves up some JS that makes your browser send the card details to $BADIP as you enter it.
Updated host and link (Score:2)
Update: http://gwillem.gitlab.io/2016/... [gitlab.io]
Link: https://gitlab.com/gwillem/pub... [gitlab.com]
Not stolen (Score:1)
Let's be honest, the cards aren't stolen. The owners of the cards still have them.
Copied, however ...