back to article Magecart fiends punch card-skimming code in Sotheby's Home website

Toff tat bazaar Sotheby's Home website has become the latest casualty of Magecart after a breach saw card-skimming code deployed by infosec rotters. The auction house said it "became aware" of the intrusion on 10 October when an "unknown third party" accessed and "inserted malicious code". This "depending on the security …

  1. Version 1.0 Silver badge

    Trust? we've heard of it but that was a few years ago.

    We've recently had a corporate card skimmed, the card company caught it very quickly and called us, it's been cancelled and replaced.

    The problem has been sorted but I'm seeing a follow up attack - looks like they found the card holder details and email address - they are now sending the user spoof emails pretending to be from the card company about the card replacement - just click here to confirm ... except the link is to or somewhere. Uptick of SalesOrder.iso files too.

    These hacks can go on and on after the event.

  2. Anonymous Coward
    Anonymous Coward

    We believe that the so-called Magecart threat group... was responsible for the incident."

    No, YOU are responsible, your website, your responsibility.

  3. Anonymous Coward
    Anonymous Coward

    So what can be done at the browser end to stop this or at least reveal the presence of Magecart malware?

    1. Anonymous Coward
      Anonymous Coward

      Turn off javascript

      Turn off javascript.

      Then, of course, the page stops working. But any web dev that relies on client side scripting on a payments page should be barred permanently from the trade. Nothing sensitive or state-changing should ever be done client side (hence the invention of POST). It needs more expertise to do the job server-side, and that's the whole thing - fundamental lack of expertise in those tasked with mission- and security-critical systems development.

  4. Crazy Operations Guy

    "implemented additional security safeguards"

    You mean like actually checking what ode is actually running on your fscking website? It bothers me how massive and bloated websites have become and how they've gotten to the point where it is impossible to actually audit the things due to the massive amounts of 3rd party code that gets loaded so the page can show some sparkly menu or the page has a sliding effect that no one gives a shit about.

    I really miss the days when even the most complicated of websites could be audited by a single person with a text editor and basic skills in HTML, CSS, and whatever language the the CGIs were written in (And that language almost always being something ubiquitous like shell scripts or C).

    1. Snake Silver badge

      Re: "implemented additional security safeguards"

      And cursory auditing of a website, a first-look to see if something raises a flag in order to investigate further, is a rudimentary joke that takes only basic skills. Drill down through your directory structure and look for signs of recent changes in the timestamps.

      That's it. Yet, as you well noted, not a SINGLE person bothered to security check the website on an ongoing basis?


      The entire IT department either needs a humiliating spanking or an outright firing. As you, again, well noted, not a single person could figure this out and accomplish a simple, continuous website oversight, never-you-mind a true audit?!

  5. Jonathan Richards 1

    re Headline

    Boo. I thought this was an article about hacking with punch cards. Still waiting...

    1. TimMaher Silver badge

      Re: re Headline

      Yeah. So was I. I was going to set up a whole series of jokes about chads ‘n stuff.

      I’ll get my Hollerith punch.

      1. Rob Gr

        Re: re Headline

        A pinch and a Hollerith punch for the first of the month?

        (I'll fetch my chad and leave)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon