It hasn’t been a while since we heard of a MageCart attack, however now, Macy’s has disclosed a similar attack. As confirmed recently via their letter to customers, Macys has suffered a MageCart attack.
The popular online fashion store Macys has recently confirmed a MageCart attack. The information surfaced online through the company’s letter to the customers.
As revealed in the letter, the company noticed a suspicious connection between their main website macys.com and another site. Investigating the matter revealed that their site was running malicious code. This code specifically targeted two pages of Macy’s site in an attempt to access the financial data of the customers. As stated in their letter,
According to Macy’s, the attack lasted for about a week, from October 7, 2019, to October 15, 2019. Consequently, the information the attackers accessed in this duration included first and last names of the customers, email addresses, phone numbers, their complete address including city, state and zip code, and their financial data including payment card numbers, date of expiry (if present), and card security code.
Fortunately for some, the attack did not affect mobile phone users of the macys.com.