RiskIQ blames Ticketmaster attacker “Magecart”

San Francisco-based cybersecurity company RiskIQ says it has identified the precise malicious code used to steal payment details from 380,000 British Airways customers.

Blaming threat group Magecart, the team behind the massive Ticketmaster breach, along with other card skimming attacks, the company said the script was a modified version of the Modernizr JavaScript library, version 2.6.2.

RiskIQ crawls and stores terabytes of data from websites daily.

Basing their investigation off the limited public information from BA after the hack (that payments through its main website and mobile app were affected from 22:58 BST August 21 until 21:45 BST September 5) the company went through stored versions of individual scripts on BA’s pages to find changes in them over time.

It soon found the suspicious script.

The text above is a summary, you can read full article here.