RiskIQ blames Ticketmaster attacker “Magecart”
San Francisco-based cybersecurity company RiskIQ says it has identified the precise malicious code used to steal payment details from 380,000 British Airways customers.
RiskIQ crawls and stores terabytes of data from websites daily.
Basing their investigation off the limited public information from BA after the hack (that payments through its main website and mobile app were affected from 22:58 BST August 21 until 21:45 BST September 5) the company went through stored versions of individual scripts on BA’s pages to find changes in them over time.
It soon found the suspicious script.