It has been reported that the breach at Ticketmaster was just “the tip of the iceberg” of a wider, massive credit card skimming operation, new research has found. At least 800 e-commerce sites are said to be affected, after they included code developed by third-party companies and later altered by hackers, according to security firm RiskIQ.
Commenting on this news is Lee Munson, Security Researcher at Comparitech.com:
“If malicious code writers have indeed been able to affect the source code of third-party software used by hundreds of online retailers, the potential impact could be massive.
By altering code linked to customer experience, the attackers could actually gain access to a plethora of personal, payment card and other sensitive data across a range of sites if their internal security mechanisms are weak.
While third-party code certainly serves a purpose, in terms of saving time and money for the implementer, it is a very real risk that should be given careful consideration before being accepted.
If it is accepted, important data should always be encrypted and segregated wherever possible to prevent issues such as those seen recently at Ticketmaster.”