Magecart, six months on
Six months after British Airways. The Magecart cluster has multiplied into at least seven distinct subgroups, the technique has become more sophisticated, and the customer-side defensive posture has only partially adapted.
British Airways and the Magecart wave
BA disclosed Thursday: 380,000 customer payment cards taken via injected JavaScript on the booking-flow pages. The first major UK GDPR-era disclosure has the shape of a Magecart attack, which makes the supply-chain angle the principal lesson.