Atlanta Hawks online store hit by Magecart cybergang

As numerous news articles throughout the InfoSec community have noted, e-commerce attacks are rising explosively. A recent incident involving a major sports franchise is further proof. As reported on the Sanguine Security blog, the NBA’s Atlanta Hawks are currently in damage control mode as their online store has come under attack from the Magecart cybergang.

According to the researchers who wrote the blog post, the threat actors injected a payment skimmer into the website. As a result, data such as names, addresses, and credit card numbers were stolen, and the information will most likely be used for either 1) a direct pay transfer or 2) sale on the Dark Web. Sanguine Security first noticed the attack on April 20, after code analysis in Chrome Developer Tools determined that “the gibberish code already bears the signature of Magecart... it intercepts keystrokes as they are entered in the payment form.”

According to a report on the incident by Bleeping Computer, the Atlanta Hawks’ front office was alerted to the situation soon after this discovery. As of the time of this article’s writing, the NBA team’s IT division has engaged in containment procedures to stop the attack from doing any further damage. The Atlanta Hawks’ online store shows a team logo with text under it saying that the site is down for maintenance. Additionally, the team’s PR representative made a statement to the media saying, “we take these threats seriously and are investigating.”

The best thing anyone possibly affected by this Magecart attack can do is 1) watch their billing statements for any odd activity and 2) report the situation to their credit card provider and bank (if they used a debit card on the site). These attacks are a further reminder that the convenience of online shopping is always paired with inherent risk.


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
