Atlanta Hawks online store hit by Magecart cybergang

As numerous news articles throughout the InfoSec community have noted, e-commerce attacks are rising explosively. A recent incident involving a major sports franchise is further proof. As reported on the Sanguine Security blog, the NBA’s Atlanta Hawks are currently in damage control mode as their online store has come under attack from the Magecart cybergang.

According to the researchers who wrote the blog post, the threat actors injected a payment skimmer into the website. As a result, data such as names, addresses, and credit card numbers were stolen; the information will most likely be used for either 1) a direct pay transfer or 2) sale on the Dark Web. The attack was first noticed by Sanguine Security on April 20, after code analysis in Chrome Developer Tools determined that “the gibberish code already bears the signature of Magecart... it intercepts keystrokes as they are entered in the payment form.”

According to a report on the incident by Bleeping Computer, the Atlanta Hawks’ front office was alerted to the situation soon after this discovery. As of the time of this article’s writing, the NBA team’s IT division has engaged in containment procedures to stop the attack from doing any further damage. The Atlanta Hawks’ online store shows a team logo with text beneath it stating that the site is down for maintenance. Additionally, the team’s PR representative made a statement to the media saying, “we take these threats seriously and are investigating.”

The best thing that anyone possibly affected by this Magecart attack can do is 1) watch their billing statements for any odd activity and 2) report the situation to their credit card provider and bank (if they used a debit card on the site). These attacks are a further reminder that the convenience of online shopping is always paired with an inherent risk.


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
