E-commerce sites worldwide face a growing risk from the threat group Magecart, which is perpetrating simple but sophisticated attacks on online payment forms. High-profile reported victims include Ticketmaster, British Airways and Newegg; however, there are likely to be many sites compromised without their knowledge.
The British Airways hack demonstrated just how vulnerable companies, even big household names, can be: the names, addresses, emails, credit card information and CVV authentication numbers of up to 380,000 customers were quietly siphoned off over a two-week period in August 2018. While British Airways certainly takes its data privacy very seriously, this shows just how vulnerable our online properties can be without regular processes that monitor our infrastructure and report back weaknesses in our IT defences.
For anyone regularly dealing with online risk, privacy, and data protection, keeping your customers’ data safe is a top priority. With the right tools, British Airways could have recognized and stopped the hack well before it became a severe breach, something that DataTrue, a data monitoring and validation tool, could have done through automated data assurance.
However, first – how did the hackers break past British Airways’ defences?
The data breach began on the 21st of August and was a simple heist which copied data from app and website payment pages and sent sensitive personal data to a third-party site operated by the hackers.
As a result, any time someone filled out his or her details in the baggage claim form, including names, credit card details, and CVV authentication numbers, this information was sent to the hackers’ website “baways.com” with no one the wiser for two weeks, allowing the hackers to accrue financial information on 380,000 customers. The RiskIQ team provide a more comprehensive analysis here of how the hack was perpetrated.
How DataTrue can detect Magecart attacks
DataTrue automatically tests the data your site is collecting and exposing to third-party data processors. DataTrue tests can be automated to run hourly, plus before and after every code or content deployment.
At this point DataTrue would have detected the string patterns defined in the persona passing through the proxy servers to the hackers’ website, and generated a report on what sensitive data was exposed and to which website or data processor.
DataTrue would have identified the hackers’ website as a non-authorised data processor and alerted the British Airways team to the hack. Contact us to find out more about how DataTrue can automatically validate and protect your data.
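The check described above can be sketched in a few lines. This is an added example, not DataTrue's code: it scans requests captured during a test run for the persona's values (raw, URL-encoded and base64) and reports any that went to a host outside an allowlist. The persona, the allowlist and the captured requests are constructed for illustration, and all function names are hypothetical.

```python
import base64
from urllib.parse import quote, quote_plus, urlsplit

# Constructed test persona: synthetic values typed into the form under test.
PERSONA = {"name": "Pat Persona-7731", "email": "persona-7731@example.test",
           "card": "4111111111111111", "cvv": "987"}
# Assumed allowlist of authorised data processors (hypothetical hosts).
AUTHORISED = {"shop.example", "pay.processor.example"}
MIN_LEN = 6  # shorter values (the 3-digit CVV) would match by chance

def needles(persona):
    """Map every searchable encoding of a persona value to its field name."""
    out = {}
    for field, value in persona.items():
        if len(value) < MIN_LEN:
            continue
        b64 = base64.b64encode(value.encode()).decode()
        for form in (value, quote(value), quote_plus(value), b64):
            out[form] = field
    return out

def host_authorised(host, allowed=AUTHORISED):
    """Exact host or a true subdomain, so 'evilshop.example' does not pass."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)

def find_exposures(requests, persona=PERSONA):
    """Sorted (host, field) pairs: persona data sent to a non-authorised host."""
    forms, hits = needles(persona), set()
    for req in requests:
        host = urlsplit(req["url"]).hostname or ""
        if host_authorised(host):
            continue
        haystack = req["url"] + "\n" + req.get("body", "")
        hits.update((host, f) for form, f in forms.items() if form in haystack)
    return sorted(hits)

# Constructed capture from one persona run. baways.com is the host named in
# the article; every path and body here is made up for the example.
CAPTURED = [
    {"url": "https://pay.processor.example/charge", "body": "card=4111111111111111"},
    {"url": "https://baways.com/", "body": '{"n":"Pat Persona-7731","c":"4111111111111111"}'},
    {"url": "https://evilshop.example/p?e=persona-7731%40example.test"},
    {"url": "https://stats.example.org/hit?page=checkout"},
]

if __name__ == "__main__":
    for host, field in find_exposures(CAPTURED):
        print(f"ALERT persona field '{field}' sent to non-authorised host {host}")
```

Substring matching only catches values sent raw or in one of the listed encodings; a skimmer that encrypts or otherwise transforms the payload still shows up as a request to a host missing from the allowlist, which is worth alerting on by itself.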