Fashion Site Sixth June Leaking Card Data to Magecart Hackers
Security researchers have uncovered two major Magecart campaigns since last week. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the payment card information of visitors. Last week it was reported that the website of Procter & Gamble’s First Aid Beauty brand had been infected with a skimmer, and this week another researcher discovered that the same was true for apparel site Sixth June.
Both incidents not only show that Magecart attacks continue to pose a major threat to companies, but they also underscore the problems researchers are facing when it comes to responsible disclosure. The researcher who discovered the Sixth June breach said that he had disclosed the issue to the company last week, but had not heard back from them. Similarly, the researcher who found malware on the First Aid Beauty website did not receive a reply after the reported the issue.