Hackers injected the Forbes' subscription website with a Magecart script which collects payment card data customers introduce on the checkout page and exfiltrates it to a server controlled by the attackers.
As revealed by Bad Packets Report's co-founder Troy Mursch, the script collects card numbers, expiration dates, and credit card CVV/CVC verification codes, as well as customers' names, addresses, phone numbers and emails.
While the obfuscated Magecart script can still be found on the forbesmagazine.com website, the domain used by the attackers to collect the stolen payment information
has been taken down using Freenom's abuse API which makes it possible to take down malicious domains immediately.
The deobfuscated version of the Magecart script can be found
HERE, with the script showing the exact payment data collected by the cybercriminals, as well as the address of the server where the skimmed info was being sent to.