"Costco Store Payment Terminal Breached by Data Skimmer"

The big-box retail store company Costco has faced a breach at one of its store terminals. A card skimming device was used at a payment counter to steal customers' payment card data. Following the discovery of the payment card skimming device, Costco issued notification letters to customers about the possibility of their card data being stolen if they recently made a purchase at that specific store. Costco warned that unauthorized parties may have acquired the magnetic stripe of payment cards, thus gathering names, card numbers, card expiration dates, and CVVs. The data skimmer was discovered during a routine inspection of pin pads by Costco personnel, after which law enforcement was notified. The device was a physical device that was placed on the payment card scanner to intercept details from the cards' magnetic stripes. The skim game also involves the use of digital skimming or e-skimming techniques to steal customer data, which have been used by Magecart attackers. These attackers have been discovered distributing PHP web shells, known as Smilodon or Megalodon, disguised as favicon to gain remote access to targeted servers. The Magecart Group 12 is a cybercriminal gang known for its attacks against Magento online stores. This article continues to discuss the physical payment card skimming device recently discovered at a Costco warehouse and the use of digital skimmers by Magecart attackers.  

CISO MAG reports "Costco Store Payment Terminal Breached by Data Skimmer"