The notorious Magecart malware, which has plagued online stores by stealing payment card details from unsuspecting buyers at the checkout, has claimed another well-known victim.
Security researcher Troy Mursch raised the alarm on Twitter that the Forbes magazine subscription website had been compromised by malicious code that exfiltrated sensitive credit card information when users attempted to sign up for the print edition.
Unsuspecting subscribers would think they were entering their data to receive regular copies of the magazine, but what they didn't know was that credit card numbers, expiration dates, and three-digit CVV/CVC security codes were being captured by hackers, along with their names, addresses, and phone numbers.
It seems that the attackers had planted their malicious code on a third-party website named fontsawesome.gq – presumably with the thought that if someone bothered to look at the source code of Forbes magazine's website, they might conclude that it was related to the legitimate FontAwesome service, which many websites use to provide attractive icons.
Another theory is that Forbes may have been the victim of a supply chain attack. Forbes is a customer of Picreel, a website analytics service, and it was discovered this weekend that Picreel had a vulnerability that could affect code used by thousands of websites.
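A site owner can catch a lookalike script host such as fontsawesome.gq by auditing which hosts serve scripts on payment pages. The following is an added example, not code from the article or from Forbes; the allowlist, the similarity threshold, the helper names and the sample markup are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site has approved to serve scripts on payment pages.
ALLOWED_HOSTS = {"www.forbes.com", "use.fontawesome.com"}

# Constructed sample markup, not captured from the real site.
SAMPLE = """
<script src="/static/app.js"></script>
<script src="https://use.fontawesome.com/all.js"></script>
<script src="https://fontsawesome.gq/x.js"></script>
<script src="https://cdn.example.net/widget.js"></script>
"""

class ScriptHosts(HTMLParser):
    """Collect the host of every external <script src=...>."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            host = urlparse(src).hostname  # None for relative URLs
            if host:
                self.hosts.append(host.lower())

def brand(host):
    """Crude brand label: the second-to-last DNS label."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host

def audit(html, allowed=ALLOWED_HOSTS, threshold=0.85):
    """Map each script host that is not allowlisted to a verdict."""
    parser = ScriptHosts()
    parser.feed(html)
    findings = {}
    for host in parser.hosts:
        if host in allowed:
            continue
        near = sorted(a for a in allowed if SequenceMatcher(
            None, brand(host), brand(a)).ratio() >= threshold)
        findings[host] = f"lookalike of {near[0]}" if near else "unlisted"
    return findings

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Any host reported as "unlisted" still needs review, since a compromised third-party service would not look like a typo of anything.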
Troy Mursch (who posts on Twitter as @Bad_Packets) made several attempts to warn Forbes of the problem on its subscription site.
A company spokesperson told The Register that it was not aware that credit card information had been stolen by the criminals, although an investigation was taking place. Nevertheless, it seems sensible for anyone who has recently used the site to check their financial statements for unusual activity.
Fortunately, the fontsawesome.gq domain hosting the malicious code was quickly taken down, neutralizing the attack (at least for now).
Forbes is only the latest in a long series of companies to be hit by a Magecart attack. Previous victims included British Airways, Feedify, Umbro, Vision Direct and Newegg.
Unfortunately for Forbes, it is no stranger to being targeted by online criminals.
In the past, the magazine's website has been compromised by the Syrian Electronic Army hacking group (which broke into the magazine's WordPress administrator console and published an article), had the details of more than a million readers leaked, and served malicious advertisements that redirected users to pages containing the Neutrino and Angler exploit kits.
Publisher's note: The opinions expressed in this guest author article are solely those of the author and do not necessarily reflect those of Tripwire, Inc.