British Airways site had credit card skimming code injected

Enlarge / Thousands of BA customers had their credit card data "skimmed" by malicious JavaScript code inserted into the airline's website. (credit: Alf van Beem)

Last week, British Airways revealed that all the payment information processed through the airline's website and mobile app between August 21 and September 5 had been exposed. As many as 38,000 British Airways customers may have had their contact and financial information stolen in the breach, which evidence suggests was the result of malicious JavaScript code planted within British Airway's website.

According to a report by RiskIQ's Head Researcher Yonathan Klijnsma published Tuesday, RiskIQ detected the use of a script associated with a "threat group" RiskIQ calls Magecart. the same set of actors believed to be behind a recent credit card breach at Ticketmaster UK. While the Ticketmaster UK breach was the result of JavaScript being injected through a third-party service used by the Ticketmaster website, the British Airways breach was actually the result of a compromise of BA's own Web server, according to the RiskIQ analysis.

"This attack is a highly targeted approach compared to what we've seen in the past with the Magecart skimmer," said Klijnsma. "This skimmer is attuned to how British Airways' payment page is set up, which tells us that the attackers carefully considered how to target this site in particular."

Read 4 remaining paragraphs | Comments