Malware since 2017: Auction giant Sotheby’s Home hit by Magecart attack

Sotheby’s, an American multinational corporation and Auction House has become another victim of Magecart attack after hackers gained access to Sotheby’s home website and inserted a card-skimming code aiming at customers’ credit card and banking data.

Although Sotheby’s detected the intrusion on 10th October 2018 the malware was present on its website and stealing personal and financial data of customers since March 2017. It is noteworthy that Sotheby’s home website was previously known as which the company bought in February 2018.

It is unclear how many customers have been impacted by the breach nevertheless, if you have shopped on Sotheby’s Home lately you might be a victim of Magecart attack through their website. As for the stolen data, the company believes it involves names, physical addresses, email addresses, payment card numbers along with their CVV codes and expiration dates.

“We cannot be certain as to when the website was first victimized by this attack.” said the company.

Magecart attack is a kind of FormJacking in which hackers insert malicious JavaScript code into e-commerce sites to steal credit card details and other information from payment forms on the checkout web pages. Recent examples of Magecart attack are Cathay Pacific AirwaysBritish Airways, TicketFly, Newegg, and VisionDirect breach.

According to Rusty Carter, VP, Product Management, Arxan Technologies, “The Sotheby’s breach is another in the long list of businesses falling victim to Magecart and web vulnerabilities that turn eCommerce sites into delivery mechanisms for data stealing JavaScript. Interestingly, Sotheby’s indicated that they noticed malicious activity on the same day as the site was re-launched as Sotheby’s home.”

“The detected vulnerability may have, in Sotheby’s benefit, been the result of what has been reported as sabotage between factions of Magecart. Given the reporting is that they detected an unknown party on October 10 accessing and inserting malicious code, yet they also indicated that the malware was present at least as far back as March 2017. It is possible that the new breach initiated a careful audit that discovered the resident malware that was stealing data since early 2017,” said Carter.

Sotheby’s Home breach came just days after Marriott hotel data breach in which personal and financial data of 500 million guests was stolen. However, worse for Sotheby’s is about to come in the shape of outrage and GDPR fine.

Note: The IT security firm RiskIQ has profiled the six leading Magecart groups along with notable related unclassified threat groups, highlighting their skimmers, tactics, targets, and what makes them unique. 

“Magecart is an umbrella term given to at least seven cybercrime groups, are placing digital credit card skimmers on compromised e-commerce sites at an unprecedented rate and with frightening success, RiskIQ” 

Image credit: DepositPhotos

Related Posts