Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Twin Cities
Tampa Bay news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa Bay
Charlotte news in your inbox
Catch up on the most important stories affecting your hometown with Axios Charlotte
Over 2 million websites are now infected with Magecart, malware that allows thieves to steal credit card information, according to a RiskIQ report released Friday.
Why it matters: Magecart has become one of the most prolific threats to steal credit card information online. "2 million is a big number, and only getting bigger," Jordan Herman, a researcher at RiskIQ, told Axios via email.
Background: Magecart has ensnared some of the largest websites in credit card breaches, including Ticketmaster and British Airways.
- It is often installed into the code running websites on misconfigured Amazon cloud servers using automated software that finds the cloud accounts and inserts that malicious code.
- RiskIQ recommends, whenever possible, consumers use off-site mechanisms to pay for website goods — like Apple Pay, PayPal or other established trustworthy systems.