July 21, 2022

50,000 credit cards stolen from 300 U.S. restaurants

Payment card details from customers of over 300 restaurants have been stolen in two web-skimming campaigns targeting three online ordering platforms.

Web skimmers, also known as Magecart malware, are typically JavaScript code that collects credit card data as online shoppers type it into the checkout page.

Recently, Recorded Future’s threat detection tools identified two Magecart campaigns injecting malicious code into the online ordering portals of MenuDrive, Harbortouch, and InTouchPOS.

The web skimmer was injected into the restaurant’s web pages and its assigned subdomain on the online payment service’s platform. On Harbortouch, the injected skimmer used a single script to steal all personally identifiable information (PII) and payment card data.
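For defenders on a shared ordering platform, one way to surface this kind of injection is to compare the scripts each restaurant subdomain serves and flag any that only a minority of them serve. This is an added example, not code from the original article or from Recorded Future's tooling; the hostnames, paths and the `findOutliers` helper are constructed for illustration.

```javascript
// Added example: flag scripts served by only a minority of tenant subdomains.
// Non-cryptographic FNV-1a hash, used only to group identical inline scripts.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Fingerprint each <script>: external by src URL, inline by hash of its body.
// Regex extraction is enough for this sketch; use a real HTML parser in production.
function scriptFingerprints(html) {
  const prints = new Set();
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(re)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) prints.add("src:" + src[1]);
    else if (body.trim()) prints.add("inline:" + fnv1a(body.trim()));
  }
  return prints;
}

// A script present on fewer than minShare of tenants is an outlier to review.
function findOutliers(pages, minShare = 0.5) {
  const perTenant = new Map();
  const seenOn = new Map();
  for (const [tenant, html] of Object.entries(pages)) {
    const prints = scriptFingerprints(html);
    perTenant.set(tenant, prints);
    for (const p of prints) seenOn.set(p, (seenOn.get(p) || 0) + 1);
  }
  const findings = [];
  for (const [tenant, prints] of perTenant)
    for (const p of prints)
      if (seenOn.get(p) / perTenant.size < minShare) findings.push({ tenant, script: p });
  return findings;
}

// Constructed sample pages; hostnames and paths are placeholders.
const shared = '<script src="/static/order.js"></script><script>initCart();</script>';
const samplePages = {
  "tenant-a.ordering.example": `<html>${shared}</html>`,
  "tenant-b.ordering.example": `<html>${shared}</html>`,
  "tenant-c.ordering.example":
    `<html>${shared}<script src="https://cdn.unknown.example/a.js"></script></html>`,
};
console.log(findOutliers(samplePages));
```

Inline scripts that embed per-tenant values such as store IDs differ legitimately and need normalizing before they are compared.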

Most of these restaurants were small local establishments across the U.S. that used the platform as a cost-effective way to outsource the online ordering process, according to the victim map.

As a result, 50,000 payment cards were stolen and have already been offered for sale on various marketplaces on the Dark Web.

The other day, mental health application Feelyou patched an issue that saw the email addresses of its nearly 80,000 users exposed online.