Hackers pop 6000 sites on active 18-month carding bonanza
Magento patched this bug 18 months ago and so it should be simple for web site owners to organise this to be fixed but Willem de Groot is still producing lists of online stores that are vulnerable and getting hacked on a daily basis.
It seems that a lot of store owners either don't care, or are completely oblivious to the issue, with responses like 'we are safe because we use https' or 'we are safe because we have the Symantec security seal'. Neither of which are protection against software bugs.
Hacked sites may have all sorts of card skimmers installed, of the type that send customers' credit card data to online hackers. A few months ago I personally noted that a few of the websites that I was managing had a big increase in credit card fraud -- this is one of the likely vectors of all of those stolen card numbers.
Here is what happens when your credit card gets stolen
Contrary to what you might think, stolen cards don't automatically get detected by the bank at the time the card is stolen. The bank has to wait for a transaction to appear on the card that you don't recognise.Also, contrary to what you might think, the big money in stolen credit cards is not where thieves take the card number and use it to buy a Porsche or a Rolex. Those transactions are easy to spot because people don't usually buy Porsches or Rolexes with their credit cards. The big money is in $5 or $10 monthly "service fees". It works like this: The thief puts a $10 charge on your card with the description "service fee" or similar. You, the customer, looks at this charge and thinks "damn bank, slugging me for more fees again" and gets on with your life, ignoring the fee. Meanwhile the thief has thousands or tens of thousands of stolen cards, each earning them a $10 monthly fee. That's big money.