Russia!
I'm not saying it's state-sponsored, but it's probably state sponsored.
Hackers have installed skimming scripts on more than 6000 online stores and are adding 85 each day in a wide-scale active operation that may have compromised hundreds of thousands of credit cards. Dutch developer Willem de Groot found the malware infecting stores running vulnerable versions of the Magento ecommerce platform. …
I don't pay by credit card online often but I seem to remember that the CC entry and acceptance was dealt with by one of a small number of global service providers whose names were familiar and I was redirected to their site for payment, then back to the vendor site after acceptance. Are these breaches at sites who have their own CC payment systems and don't use the big providers?
.. You hope you were redirected to their site and not a harvesting clone site.
I despise the flawed JavaScript & site redirect centric models used in credit card payments on so many sites.
It's not a good thing that users get so happy with the idea of being sent "off site" for payments as it makes it far easier for malicious attacks to do exactly the same and appear legit to the user (not helped by the cryptic names of some of the payment sites which do not exactly instil confidence).
I've worked on Magento sites that were configured to accept CC numbers directly, then charge the card (through a big provider) via server-to-server API. The only real security requirement was that the sites use HTTPS.
This is even worse than the redirect APIs you speak of. CC data passes through the site in plaintext, and some may store it in a database for future payments. Skimming cards is a simple matter of inserting some rogue PHP code. It can only be detected by version control / file comparison tools on the server (which these sites rarely use), not by outside scanning tools or wary customers.
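The server-side file comparison mentioned in the comment above, as an added example that is not part of the original thread: it hashes a store's code files and reports anything added, removed or modified against a known-good baseline. The extension list, function names and sample tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CODE_EXTS = (".php", ".phtml", ".js")  # assumed set of file types to watch


def build_manifest(root, exts=CODE_EXTS):
    """Map each code file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest


def compare(baseline, current):
    """Return the files added, removed or modified relative to the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


if __name__ == "__main__":
    # Constructed sample tree standing in for a store's code directory.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "app"))
        target = os.path.join(root, "app", "Payment.php")
        with open(target, "wb") as fh:
            fh.write(b"<?php // known-good release\n")
        baseline = build_manifest(root)  # keep this off the web server
        with open(target, "ab") as fh:
            fh.write(b"// unexpected extra line\n")
        with open(os.path.join(root, "app", "new.php"), "wb") as fh:
            fh.write(b"<?php // file not in the release\n")
        print(compare(baseline, build_manifest(root)))
```

The baseline is only trustworthy if it is built from a clean release and stored where code running on the web server cannot rewrite it.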
I wanted to see if any of the sites I use have been compromised and when you follow the link here or the one on Slashdot both end up with a github 404 error.
Can someone re-instate the page with the affected sites as it's vital information!