Atlanta Hawks online store hit by Magecart cybergang

As numerous news articles throughout the InfoSec community have noted, e-commerce attacks are rising explosively. A recent incident involving a major sports franchise is further proof. As reported on the Sanguine Security blog, the NBA’s Atlanta Hawks are currently in damage control mode after their online store came under attack from the Magecart cybergang.

According to the researchers who wrote the blog post, the threat actors injected a payment skimmer into the website. As a result, data such as names, addresses, and credit card numbers was stolen, and the information will most likely be used either 1) for a direct pay transfer or 2) for sale on the Dark Web. Sanguine Security first noticed the attack on April 20, after code analysis in Chrome Developer Tools determined that “the gibberish code already bears the signature of Magecart... it intercepts keystrokes as they are entered in the payment form.”

According to a report on the incident by Bleeping Computer, the Atlanta Hawks’ front office was alerted to the situation soon after this discovery. As of the time of this article’s writing, the NBA team’s IT division has engaged in containment procedures to stop the attack from doing any further damage. The Atlanta Hawks’ online store shows a team logo and, beneath it, text stating that the site is down for maintenance. Additionally, the team’s PR representative made a statement to the media saying, “we take these threats seriously and are investigating.”

The best thing anyone possibly affected by this Magecart attack can do is 1) watch their billing statements for any odd activity and 2) report the situation to their credit card provider and bank (if a debit card was used on the site). These attacks are a further reminder that the convenience of online shopping is always paired with an inherent risk.

Featured image: Flickr/Michael Tipton

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
