Level 35
Hackers injected the Forbes' subscription website with a Magecart script which collects payment card data customers introduce on the checkout page and exfiltrates it to a server controlled by the attackers.

As revealed by Bad Packets Report's co-founder Troy Mursch, the script collects card numbers, expiration dates, and credit card CVV/CVC verification codes, as well as customers' names, addresses, phone numbers and emails.

While the obfuscated Magecart script can still be found on the website, the domain used by the attackers to collect the stolen payment information has been taken down using Freenom's abuse API which makes it possible to take down malicious domains immediately.

The deobfuscated version of the Magecart script can be found HERE, with the script showing the exact payment data collected by the cybercriminals, as well as the address of the server where the skimmed info was being sent to.


Level 39
Content Creator
Magecart groups have been active since at least 2015 and represent an ever-evolving threat capable of launching attacks against high profile international companies like Ticketmaster, British Airways, OXO, and Newegg, as well as to target small retailers like Amerisleep and MyPillow. Magecart campaigns are still going strong seeing that security outfit Group-IB found 2,440 compromised websites during early April which had been infected with payment card skimming scripts. As RiskIQ's head of threat research Yonathan Klijnsma also said, "for every Magecart attack that makes headlines, we detect thousands more that we don’t disclose. A considerable portion of these lesser-known breaches involves third-party payment platforms."
"Credit card-skimming groups like Magecart are gaining efficiency, so it takes less time than ever for consumers to see their data stolen, seemingly out of nowhere. In the end, it doesn’t matter to consumers whether this happens as the result of a traditional breach or a web-based supply chain attack,"
A potent and dangerous risk for anyone that use credit cards online and pretty hard to protect against unless the bank one use has certain security layers that normally blocks odd and fast transactions. Edit security settings in the bank account for connected cards if possible is also a tip one should strongly consider. Swedish banks has for example country related white lists one can enable if wanted. My bank has a default time for 60 minutes on that as then it's automatic reverted back to " Safe Payments Only/Sweden ". Prepaid cards is of course also a possible help.

This ain't the first time Forbes is hacked as seen below in " Similar Threads ".
Last edited: