Magecart Gangs Targeting Larger Organizations During Lockdown, Researcher Warns
"Jewelry and accessories retailer Claire's says e-commerce platform hackers, using Magecart tactics, have stolen an unknown amount of its customers' payment card data.
The attackers appear to have infiltrated the company's Salesforce Commerce Cloud environment for at least seven weeks, although the security firm that spotted the breach says there's no indication that the underlying Salesforce platform itself had a flaw or was hacked.
Claire's is an accessories, jewelry and toy retailer - a fixture in many malls and shopping centers - that has nearly 3,500 locations worldwide as well as e-commerce operations, and is based in Hoffman Estates, Illinois.
The retailer says the breach only affected online sales and not any cards used in its physical stores.
The hack attack was spotted and reported directly to Claire's by Netherlands-based security firm Sansec, which regularly searches for signs of Magecart-style attacks. Such attacks typically involve attackers sneaking attack code onto sites that accept payment cards. Previous victims of this style of attack have included British Airways and Ticketmaster UK."