#Privacy: Fashion site Sixth June becomes the latest victim to Magecart hackers

The French apparel site Sixth June has suffered a digital skimming attack on its website.

Rapid Spike security researcher “Jenkins” took to Twitter, stating that the brand had a live payment skimmer on its website, stealing customer credit card details. 

Jenkins posted screenshots of malicious Javascript and added that he reported the hack to the CEO but has yet to receive a response. 

Sixth June has become a popular fashion site in Europe, with over 394,000 followers on Instagram, and in September it was reported that the site had roughly 70,000 monthly visitors. 

Jenkins discovered that the hackers had added malicious code to Sixth June sometime before October 23. Thus it can be assumed that anyone who purchased items from Sixth June since that data has had their card data stolen. 

The threat actors behind the skimming attack made an effort to make sure that the card thieving will occur undetected by registering a domain that can easily be mistaken for the official one from Magento. 

Subsequently, when someone buys an item from Sixth June, “ a JavaScript code with the name ‘apiV3.js’ loads from mogento[.]info on the checkout page, as well as on /onepage and /firecheckout pages, Jenkins noticed,” BleepingComputer explains.

The hackers utilise a fake Google Tag Manager snippet to hide the malicious component. On all the compromised sites variations of this fake snipped was identified., however Jenkins found that the hosts were different.

The Magecart scripts collects all necessary card details including the name of the card owner, the name printed on the card, card number, expiration date and the CVV security number. 

Additionally, Jenkins’ analysis said that the script also collects the email address, the username, password, address details and phone numbers. This would then allow the hackers to log into a victim’s account and reroute an order. 

The particular attack is reminiscent of an alert raised by Willem de Groot, another security researcher from Sanguine Security who stated that Procter & Gamble’s First Aid Beauty brand had been infected with a payment skimmer since the beginning of May. 

Yossi Naar, co-founder of Cybereason commented:

“In an attempt to at least level the playing field, companies need to immediately pay more attention to post-breach detection and mitigation and assume they will be breached and start protecting their data accordingly.

“A few simple steps include encrypting all data that is deemed sensitive, limiting employee access to networks and reducing large collections of data in widely accessible systems.”

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.