Supply chain
β Supply Chain
E-commerce stores Third-Party Breach (September 2020)
Primary Source βIncident Details
Payment Card Skimming Hits 2,000 E-Commerce Sites. From Friday through Monday, malicious JavaScript skimming code was injected into nearly 2,000 e-commerce sites that were running an older version of Adobe’s Magento. See Also: Intelligent Banking in the Age of AI: Unifying Fraud, Security, and Compliance. The hackers may have used a zero-day exploit for Magneto that was being sold on a darknet forum, the security firm reports. Third-party company: Adobe Magento 1.
Technical Details
- Initial Attack Vector
- Compromise of third-party service provider / vendor relationship
- Vendor / Product
- Adobe Magento 1
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2020-09-01 Breach occurred
- 2020-09-01 Publicly disclosed