All websites have a 404 page that displays when a viewer attempts to open a page that doesn’t exist for any number of reasons, like a broken link or the page being moved. Akamai’s team discovered the credit card data-stealing code Magecart hidden in the 404 pages of a number of e-commerce sites, including some “renowned organizations” in the food and retail sectors.
Can 404 error pages steal your credit card data?
Answer: It appears so.
You should be extra wary the next time you encounter a 404 error page while shopping online. Cybersecurity researchers from Akamai recently discovered credit card skimmers hidden in this page on e-commerce websites.
All websites have a 404 page that displays when a viewer attempts to open a page that doesn’t exist for any number of reasons, like a broken link or the page being moved. Akamai’s team discovered the credit card data-stealing code Magecart hidden in the 404 pages of a number of e-commerce sites, including some “renowned organizations” in the food and retail sectors.
According to Akamai, this is a new technique that has not been seen before. “This concealment technique is highly innovative and something we haven't seen in previous Magecart campaigns,” the team said in their report. “The idea of manipulating the default 404 error page of a targeted website can offer Magecart actors various creative options for improved hiding and evasion.”
All websites have a 404 page that displays when a viewer attempts to open a page that doesn’t exist for any number of reasons, like a broken link or the page being moved. Akamai’s team discovered the credit card data-stealing code Magecart hidden in the 404 pages of a number of e-commerce sites, including some “renowned organizations” in the food and retail sectors.