Technology: Macy's says its website leaked credit card info to hackers for a week - - PressFrom - US
  •   
  •   
  •   

Technology Macy's says its website leaked credit card info to hackers for a week

02:53  20 november  2019
02:53  20 november  2019 Source:   engadget.com

OnePlus reveals its second website data breach in two years

  OnePlus reveals its second website data breach in two years Early in 2018, popular cellphone maker OnePlus revealed it had coughed up credit card information on over 40,000 users in a data breach, and now it's informing users of another one. This time, while the website is the source of the breach, the company believes payment info is unaffected, however information exposed may include "name, contact number, email and shipping address" from orders made on its site. Impacted users should have received an email notifying them of the incident, and should keep an eye out for possible phishing attempt used based on the stolen information.

Macy ' s has warned customers that intruders slipped code (believed to be JavaScript) into two pages on its website on October 7th, letting them collect data The technique, known as Magecart, has grown in popularity among hackers for its mix of relative simplicity and effectiveness. They don't have to do

Macy ’ s said the breach lasted a week , between October 7 and October 15. Last year, Macy ’ s admitted a months-long breach that saw hackers steal credit card data and passwords about 0.5% of its customer base — on both its website and Bloomingdale’s site , which Macy ’ s owns.

The constant stream of card skimming hacks just claimed a particularly high-profile target. Macy's has warned customers that intruders slipped code (believed to be JavaScript) into two pages on its website on October 7th, letting them collect data from shoppers that included names, addresses and payment info. Macy's shut down the attack soon after discovering it on October 15th, but it's unclear just how many people were affected. The company told Bleeping Computer that a "small number" of people were victims, and that it had both implemented "additional security measures" and offered free credit monitoring.

Disney+ user accounts are already getting hacked

  Disney+ user accounts are already getting hacked The launch of Disney+ thus far has been something of a mixed bag. On one hand, Disney was able to get 10 million users to sign up for its fledgling service, an impressive figure no matter how you look at it. On the other hand, the service’s debut was not without its share of frustrations as users experienced a range of technical difficulties when it came to actually accessing Disney’s vast catalog of content. While some users experienced slow streaming speeds, others were unable to connect to the service at all.© Provided by Penske Media Corporation Disney Disney naturally attributed the issues to swelling consumer demand.

Macy ’ s said it was alerted to the situation on October 15, a full week after the site was breached. As a corrective measure, it ’ s offering impacted customers one year of free credit monitoring. The attacks usually involve hackers compromising a company’s online store to stealthily siphon credit card

Another MageCart card -skimming attack detected - hackers breached Macy ' s website . The company says that they have informed law enforcement institutions that are continuing investigations on the events. Hakcers breached Macy ' s website and hijacked customers' payment info .

a crowd of people at a train station

The technique, known as Magecart, has grown in popularity among hackers for its mix of relative simplicity and effectiveness. They don't have to do much more than insert rogue scripts (pointed to remote command-and-control servers) and wait for people to go shopping. From there, they can use the info to make fraudulent purchases, make clone cards and sell the data on the black market.

Don't expect these kinds of attacks to subside any time soon. They've been used against numerous major brands, including British Airways, Newegg and Ticketmaster. Until online stores are airtight against techniques like Magecart, they'll be tempting targets.

ZDNet, Bleeping Computer

Venmo will launch its first credit card in 2020 .
Today, Venmo announced that it's launching a credit card in partnership with Synchrony. The card should be ready in the second half of 2020, and users will be able to apply for, use and manage it through the Venmo app. Cardholders will get real-time, granular alerts and be able to easily split and share purchases. Synchrony already partners with Venmo's parent company PayPal, as well as many retail brands. As TechCrunch notes, adding a Venmo-branded card could help Venmo generate more revenue. Venmo launched a debit card last year, so it was only a matter of time before it added a credit card. It's actually surprising that it took this long.

—   Share news in the SOC. Networks

Topical videos:

usr: 0
This is interesting!