Fashion Site Sixth June Leaking Card Data to Magecart Hackers (Oct 29, 2019)
RapidStrike security researcher “Jenkins” posted on Twitter to announce the discovery of card skimmers implanted on the website of the popular clothes retailer “Sixth June”. Detailed analysis of the Magecart skimmer showed that it would specifically look for website visitors’ credit card numbers, credit card owner names, CVV numbers, and expiration dates. Placing card skimmers on compromised ecommerce sites is common practice for threat groups tracked under the Magecart umbrella term. This skimmer is unique because the malware does not collect details from non-U.S. visitors or from visitors who were running Linux. This infection of Sixth June follows similar attacks on retail outlets, including the website of First Aid Beauty, a popular skin care brand.
Recommendation: The financial information that was disclosed appears to be quite comprehensive (credit card and banking information), and affected individuals could have their identity stolen and financial transactions made in their name. Users who believe they have been impacted by this data breach should monitor their credit cards and bank accounts for unusual activity. It is advised to encrypt all data seen as sensitive, limit employee access to networks, and collect only the least amount of customer data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.