If there is a corporate zeitgeist for the technological age, it might just be “sorry, we got hacked”. The latest victim of a large-scale online data breach involving credit card information is British Airways, who reported that between 21 August and 5 September, their website and mobile app transactions – that’s up to 380 000 transactions, for those of you keeping count at home – had been compromised.
Why did it take so long to figure out what was going on?
Cybersecurity firm RiskIQ’s Yonathan Klijnsma says that the likely culprit is hacking group Magecart, which has been successfully carrying out these kinds of attacks on many other sites. Previously, the group was kind of lazy, using the same code over and over to skim data until their attack was spotted and stopped. However, they’ve evolved with their newest endeavour, writing a whopping 22 lines of custom code and embedding it in the baggage claim webpage on the BA site. This allowed the group to keep calm and scam on for almost 16 days.
The scary thing about cybergangs like Magecart and restaurant-robbing FIN7 (other than the names) is, of course, that they are a conglomerate of clever hackers brought together by their desire to steal your stuff. That means that at any time, one member could figure out a weakness in an e-commerce site anywhere in the world, and together with some buddies, access that site before you eventually check your bank statement.
Remember when the deadliest con on the internet was Nigerian Prince scammers? I miss those days.