What’s the matter?
Attackers hacked the website for the National Baseball Hall of Fame and injected a malicious Magecart script to steal customers’ payment card information.
On June 18, 2019, the National Baseball Hall of Fame learned that attackers could have obtained customers’ personal information by injecting malicious code on the checkout page of its online store.
What is the impact?
This incident resulted in attackers stealing the personal information of customers who made purchases via the online store between November 15, 2018, and May 14, 2019.
The stolen information included customers’ names, billing addresses, payment card information including CVV numbers. However, no Social Security numbers or driver licenses numbers were compromised.
What was the response?
“We value the trust you place in us to protect your privacy, take our responsibility to safeguard personal information seriously, and apologize for any inconvenience or concern this incident might cause,” National Baseball Hall of Fame said in a security notice.
Magecart Group 4 might be behind the attack
National Baseball Hall of Fame removed the Magecart script from the online store, however, BleepingComputer was able to locate the malicious script in a snapshot on Archive.org.
BleepingComputer researchers noted that the malicious script appears to be a Google Analytics script. Upon further analysis, they noted that the associated script is being read from www.googletagstorage[.]com.
“While the domain indicates it belongs to Google, www.googletagstorage[.]com is actually not registered to them and resolves to an IP address located in Lithuania. This same host has also been seen used in other attacks in the past as shown by the IOCs on AlienVault and IBM's Xforce Exchange,” researchers said in a blog.
Researchers speculate that Magecart Group 4 could be behind this attack as the methods used by the group have been observed in this particular attack.