Bad Signs
That these sort of Magecart operations continue to succeed is a bad sign for both retailers and security providers.
Yeah, that they skipped hiring pen testers to check out their stuff.
US retailer Macy's says that hackers planted a card-stealing malware script on its site and harvested customer details for eight days last month. A notice (PDF) posted by the long-operating department store chain said that, between October 7 and October 15 of this year, a Magecart script was running on the checkout page of its …
Another ~6,500 and potentially 20,000 sites breached...
Up to 20,000 ecommerce websites at risk of Magecart attacks following Volusion server compromise
A search of the online list of those affected by the security breach indicates that Macys.com is on the list...