On the same day that EasyJet told the markets that 9 million customers' email addresses and travel details had been exposed, it emerged that Magecart malware had been sipping card details and evading security scans on UK e-tailer Páramo for almost 8 months.
The Register reports that Páramo informed customers last week of a “small piece of computer code covertly installed within our website”.
“This code copied card details entered, destined for PayPal and additionally sent them on to the attacker’s server. The data transferred was name, address, card number and CVV code.”
3,743 people’s full card details were stolen between May and June this year.
It’s a low number compared to the EasyJet headlines. And supply chain hacks are nothing new.
So why should you care?
Well, remember the data breach that cost British Airways a record fine of £138 million? That was Magecart malware – it’s back and it’s more sophisticated.
How can you protect your card details from supply chain attacks?
- Use a monitoring solution to detect any access to the network that could deploy Magecart
- Ensure any content management systems have strong passwords and use multi-factor authentication
- Train staff on phishing attacks that might be used to gain access to the website administration pages
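
The Páramo incident involved code covertly added to the site's own pages, so one thing a monitoring job can watch is the checkout page itself. The following Python check is an added example, not code from Páramo or The Register: it flags script and form hosts outside an allowlist and inline scripts that differ from a reviewed baseline. The hostnames, allowlist and sample pages are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy for a hypothetical shop: its own origin plus PayPal.
ALLOWED_HOSTS = {"shop.example", "www.paypal.com"}

class CheckoutAudit(HTMLParser):
    """Collect script/form hosts and SHA-256 hashes of inline scripts."""
    def __init__(self):
        super().__init__()
        self.hosts = []          # (tag, host) for script src / form action
        self.inline_hashes = []  # one hash per inline script body
        self._buf = None         # text buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag == "script" else a.get("action") if tag == "form" else None
        host = urlparse(url or "").hostname
        if host:  # relative URLs have no host and stay on the shop's origin
            self.hosts.append((tag, host))
        if tag == "script" and not a.get("src"):
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            self.inline_hashes.append(hashlib.sha256(body.encode()).hexdigest())
            self._buf = None

def audit(html, baseline_hashes):
    """Return findings: unexpected hosts, then inline scripts not in the baseline."""
    p = CheckoutAudit()
    p.feed(html)
    p.close()
    findings = [f"unexpected {t} host: {h}" for t, h in p.hosts if h not in ALLOWED_HOSTS]
    findings += [f"unreviewed inline script: {h[:12]}" for h in p.inline_hashes
                 if h not in baseline_hashes]
    return findings

# Constructed sample pages (not taken from the incident).
CLEAN = '<form action="https://www.paypal.com/pay"><script src="/js/cart.js"></script><script>initCart();</script></form>'
TAMPERED = CLEAN + ('<script src="https://cdn.collector.example/a.js"></script>'
                    '<script>hook(document.forms[0]);</script>')
BASELINE = {hashlib.sha256(b"initCart();").hexdigest()}
```

This only inspects the served HTML; first-party files such as `/js/cart.js` need their own hash baseline, since a skimmer can be appended to an existing script.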
And if you’re an EasyJet customer, our advice is to change your password for your EasyJet account and any accounts where you’ve used the same password. Always try to use a different password for each site – check out our advice on password security here. If you think your credit card details may have been stolen, contact your bank immediately and keep an eye on transactions from your bank account for anything unusual or suspicious.
Read the full report of the Páramo Magecart malware breach here: https://www.theregister.co.uk/2020/05/19/paramo_hack_magecart/