British Airways was hacked by Magecart, the group that also attacked Ticketmaster…

Get a free Techzine subscription!

Researchers from British Airways have discovered that the group that recently performed a large hack is the same one that attacked Ticketmaster. The Magecard Group has been active since 2015, when it was first discovered by researchers from RisqIQ and ClearSky.

The group regularly attacks webshops and then hides JavaScript code to steal payment information that users enter on the payment pages of the webshops. Think of credit card numbers, names, addresses and other information that they fill in through the available forms. Now it turns out that the group also attacked British Airways.

380,000 users

Last week it was announced that British Airways had been hacked and that the credit card details of 380,000 users had been captured. The British airline did not reveal any technical details about the attack, but did let it know that the attacker captured information about payments captured via the main site, ba.com, and the mobile app.

At the same time, the researchers at RisqIQ state that the time period British Airways gave around the hack was the main hint that pointed to Magecart. The experts at RisqIQ have a tool at their disposal that stores the source code of sites every so often. This way they can see what kind of JavaScript code is used on sites and when it has changed.

The research

In the case of the British Airways site, it appeared that a file that had not been modified since 2012 was changed in the course of 21 August 2018. That’s the day before the hack, according to the airline, took place. It turned out that a piece of code had been added to the file that stores interactions with the payment form. It is striking that the mobile app was also hacked immediately, which according to the researchers at RisqIQ was possible because the payment interface of the ba.com site was loaded directly into the mobile app.

Magecart has been active for three years now. The hacker group has captured data from thousands of websites, including a while ago from Ticketmaster and last week British Airways was also affected by the group. Every year the group becomes more active and larger targets are attacked.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.