The notorious Magecart credit card skimmer group managed to hit yet another high-profile target, as it became apparent by a Twitter message posted by security researcher Troy Mursch on May 14. While posting about it on Twitter, he also, directly, notified Forbes that threat actors had managed to compromise the subscription page for the physical copy of the magazine.
After the attack became public, the forbesmagazine.com website was taken down, while the exfiltration domain was quickly shut down by Freenom's API. The attack on Forbes' website, however, didn't seem to be over, even after the exfil domain was shut down. On May 15, the Forbes subscription page came back online with a cryptic message that read: "Let the game begin!"
Over the following days, the website kept going online and offline, with a total downtime of around seven days. Forbes worked with third-party security professionals to repair it and stated that the company is "fairly confident" that there was no one affected by the Magecart skimmer. Troy Mursch, however, was not quite convinced that this was the case and tweeted: "If you made a purchase on the site while it was compromised, your credit-card information was likely stolen."
Anyone who made a purchase for the dead tree edition of the Forbes magazine should check their payment statements for any suspicious activities and is advised to monitor their accounts in the following months, as their payment data may continue to be passed around the Dark Web for months to come.
It appears that the Magecart skimmer group has become unstoppable at this point, with companies like Ticketmaster, Visiondirect, OXO, Newegg, and British Airways being listed as just some of the high-profile victims. Considering the fact that an extensive article about cybercrime in general, and the Magecart group, in particular, was posted by Jason Bloomberg on Forbes' website back in January, it is kind of ironic that the magazine didn't take the proactive steps necessary to protect their customers' sensitive data.
It seems, however, that at this point, online publications are more concerned with whether you're using Adblock or private browsing than they are with actually securing the data that they want you to entrust them.