Credit card theft script detected on Intersport websites

Credit card theft script detected on Intersport websites Cybersecurity

Groups of hackers who attack Web Skimming (also known as Magecart) have entered the online stores of two of the world’s largest retail chains: the fashion accessories store Claire’s and sporting goods retailer Intersport.

According to reports released today by security companies Sanguine Security and ESET, hackers hacked into the two companies’ websites and hid malicious script that recorded details of payment cards entered in payment forms.

Claire’s and Icing

According to Willem de Groot of Sanguine Security, Claire’s website was compromised between April 25 and 30, as was the site of its subsidiary Icing.

“The injected code intercepted all the customer information entered during payment and sent it to the server”, writes today Willem de Groot in a report shared with ZDNet, where was a domain registered four weeks earlier for the special purpose of executing this attack.

De Groot said it contacted Claire’s management at the time of the attack, and the company deleted the malicious code from its site.

Claire and Icing users who have made their purchases online during the above interval are urged to keep an eye on their bank card statements and contact their banks if they detect a suspicious transaction.


A similar incident was also released today by antivirus maker ESET, affecting the Intersport website, one of the largest sporting goods retail chains in Europe, with more than 5,800 stores across the continent.

The malicious script was not loaded on all versions of the Intersport website, but only on local versions serving customers in Croatia, Serbia, Slovenia, Montenegro and Bosnia and Herzegovina.

According to Willem de Groot, who also investigated the Intersport incident, the company’s stores were hacked on April 30, cleaned up on May 3, and then hacked again on May 14. ESET said the company deleted the malicious code within hours of being informed of the latest attack attempt.

Customers who have made purchases on the relevant Intersport websites should contact their bank and monitor their statements, to check for fraudulent purchases.

In both cases, the number of users affected would be greater than usual. The Claire’s and Intersport incidents took place during the coronavirus pandemic, when most of the physical stores were closed, customers were then redirected to the websites to make their purchases.



Rate article