When running a security scan on an e-commerce store I saw that the site had been hacked and credit card data was sent to the hacker’s website.
I’ve included an explanation of the script and what it is doing. If you find this script on your website or any other script that you didn’t add then you should immediately remove it.
The hacker script is the script tag with the url:
This script was added to the footer of the page and executes on every page on the website.
I’ve annotated the script below:
The script first checks if the page loaded is a payment page. If so, it executes the send() method that listens for form submits.
As you can see, the script has captured the billing address and credit card information from the form and successfully sent it to the hacker’s website (I put in test data so no harm was done).
Hacked websites on the rise
In March 2015 Google reported that 17 million websites had malicious software installed and were trying to steal visitors information.
In March 2016 the number had increased to 50 million.
Disastrous for your reputation if this happens to your website
If you find this script on your e-commerce site you should immediately remove it.
Of course, the damage has been done. Not only to your customers whose credit card details have been stolen but to your reputation.
If you don’t know how to properly secure your e-commerce website seek professional help.
The cost of protecting your website from hackers is nothing in comparison to the loss of reputation when your website is hacked.
If you sell online only it could mean the end of your business. Hacking attempts are increasing, especially against e-commerce sites. Make sure your e-commerce website is safe.