The Stack Archive News Article

RiskIQ names Magecart as hacker group behind British Airways data breach

Wed 12 Sep 2018


Following the British Airways data breach that affected over 380,000 customers, cybersecurity firm RiskIQ has published an in-depth and detailed report on the ease of hacking into BA systems and the hackers behind the attack.

In the report, RiskIQ names Magecart as the culprit– the same team behind the data hack at Ticketmaster UK earlier this year which affected the data of 400,000 customers.

The report author Yonathan Klijnsma wrote of the ease with which the hacker executed the attack on British Airways : “This particular skimmer is very much attuned to how British Airway’s payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer.”

By combing through data manually – over two billion pages per day – RiskIQ could see the way in which Magecart was able to steal data.

The hackers created a similar Modernizr javascript program to 2.6.2 on BA’s site to steal data.

The modified program changed 22 lines of code which allowed the hackers to obtain the information of users upon submitting payment details.

The javascript modification also captured customers’ names, addresses, and phone numbers.

The custom script was able to go unnoticed by British Airways, suggesting that Magecart had access to both the data obtained on the app and website before beginning the attack.

Klijnsma continued: “While we can never know how much reach the attackers had on the British Airways servers, the fact that they were able to modify a resource for the site tells us the access was substantial, and the fact that they likely had access long before the attack even started is a stark reminder about the vulnerability of web facing assets.”

RiskIQ advised BA customers to get a new card from their card provider, whilst BA warned customers to be vigilant of phishing scams from fraudsters.


data security UK
Send us a correction about this article Send us a news tip