Fraudsters are warming up for the holidays, targeting household names through e-commerce site hacking and credential stuffing attacks. On November 19, 2019, news broke that Macy’s e-commerce site was infiltrated by a third party, embedding malicious code into Macy’s online checkout page.
These bad actors also placed their skimming code on the Macy’s Wallet page, used by account holders to store payment credentials. This malware collected names, full addresses, phone numbers, email addresses, payment card numbers, card security codes, and payment expiration dates belonging to shoppers who made purchases through the Macy’s website over several weeks before it was identified and removed. This type of sensitive financial information is perfect for fraudsters looking to commit credit card fraud and other forms of financial and identity crimes.
On November 16th, 2019, it was revealed that users of the brand-new Disney+ streaming service were locked out of their accounts after being hijacked by fraudsters. These cyberthieves put Disney+ members’ login credentials up for sale on the Dark Web – with usernames and passwords starting at only $3!
Read more at https://www.business2community.com/cybersecurity/hackers-target-major-brands-disney-and-macys-breached-02263107