Hundreds of e-commerce sites hacked in supply-chain attack
1 min read
Summary
Security researchers have uncovered a supply-chain attack that has compromised at least three software companies by inserting malware into the companies’ code, which lies dormant for years before executing.
The malware steals payment card information and other sensitive data from the e-commerce sites of customers that use the compromised software, which include a $40bn multinational company.
The malware gives the hackers full remote control of the infected servers, enabling them to steal data and execute their choice of code.
Online debit cards are particularly vulnerable to such attacks, which sees the card holder Experian stating that “you’ll likely be able to get the charges reversed eventually, but you’ll be out your own cash in the meantime”.
The best protection from such attacks is to use a credit card rather than a debit card, as any fraudulent activity will be the bank’s responsibility.
