1 min read

American Cancer Society Website Visitors Should Check Their Bank Statements

Silviu STAHIE

October 30, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
American Cancer Society Website Visitors Should Check Their Bank Statements

Magecart hackers compromised the online shop of the American Cancer Society and may have had access to all online payments made by visitors. The e-skimming attack was caught early, but it”s not known how much data was intercepted.

An e-skimming group named Magecart inserted malicious code into the cancer society”s Cancer.org shop. The sole purpose of the intrusion was to intercept credit card payments, with personal data most likely ending up on the dark web.

Magecart is comprised of a series of criminal groups that focus on e-skimming attacks, designed to infiltrate websites and capture credit card information. They can gain entry through leaked credentials, a phishing campaign, or known vulnerabilities found in backend software used by the companies.

The intrusion was detected by researcher Willem de Groot, who explained to TechCrunch that the attackers mimicked legit analytics code to cover their tracks. Even if the code was obfuscated, the researcher figured out that a third-party server was receiving the information.

The American Cancer Society has yet to make an official statement, but researchers saw that the small piece of code was removed after a few days.

Interestingly enough, the FBI recently issued an advisory regarding the potential impact of e-skimming on small and medium businesses. The American Cancer Society intrusion goes to show that all types of organizations, and not just companies, are open to this kind of attack.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds
Silviu STAHIE

October 04, 2022

2 min read
German Police Arrest Three People Accused of Running Massive Phishing Campaign German Police Arrest Three People Accused of Running Massive Phishing Campaign
Silviu STAHIE

October 03, 2022

1 min read
Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read