Macy’s recently disclosed that its website was breached on October 7, 2019, though the retail giant didn’t find out until a week later, on October 15, when an anonymous researcher alerted the company. The attackers were able to access customer and credit card information, including names, phone numbers, and payment card numbers. Macy’s claims that only a small number of customers were affected.
When the attackers compromised the Macy’s website, they altered the https://www.macys.com/js/min/common/util/ClientSideErrorLog.js script to include an obfuscated Magecart script.

[Figure: Obfuscated Magecart Script]

The researcher told us that when a customer submitted their payment information, this script would launch and send the submitted information to a command and control server at Barn-x.com/api/analysis.php. The attackers could then access any stolen payment information by logging into the command and control server.
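Because the injected code was obfuscated, searching served scripts for known strings is unreliable; comparing each first-party script against a digest recorded at release time flags the change regardless of what was added. The following is an added example in Python, not code from the article or from Macy's; the script bodies, the second path, and the function names are constructed for illustration.

```python
import base64
import hashlib


def sri_digest(body: bytes) -> str:
    """Return a Subresource Integrity style digest (sha384-<base64>) of a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode("ascii")


def audit_scripts(baseline: dict, served: dict) -> list:
    """Compare served script bodies with release-time digests.

    baseline maps path -> expected digest, served maps path -> bytes fetched
    from the live site. Returns sorted (path, finding) tuples, where finding
    is 'modified', 'missing' or 'unexpected'.
    """
    findings = []
    for path, expected in sorted(baseline.items()):
        body = served.get(path)
        if body is None:
            findings.append((path, "missing"))
        elif sri_digest(body) != expected:
            findings.append((path, "modified"))
    # A script that was never part of the release is also worth a look.
    for path in sorted(set(served) - set(baseline)):
        findings.append((path, "unexpected"))
    return findings


# Constructed sample data: the first path is the one named in the article,
# the second is hypothetical. Bodies are harmless placeholders.
ERROR_LOG_JS = "/js/min/common/util/ClientSideErrorLog.js"
RELEASED = {
    ERROR_LOG_JS: b"function logClientError(e){/* released build */}\n",
    "/js/example/checkout.js": b"function submitOrder(f){/* released build */}\n",
}
BASELINE = {path: sri_digest(body) for path, body in RELEASED.items()}

# Simulate the live site serving a copy with extra bytes appended.
SERVED = dict(RELEASED)
SERVED[ERROR_LOG_JS] = RELEASED[ERROR_LOG_JS] + b";/* constructed stand-in for appended code */"

if __name__ == "__main__":
    for path, finding in audit_scripts(BASELINE, SERVED):
        print(f"{finding}: {path}")
```

Run on a schedule against the production origin, a check like this would have surfaced the altered file without waiting for an outside report.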