This article is more than 1 year old

Magecart fiends punch card-skimming code in Sotheby's Home website

If you shopped with 'em since March 2017, consider your deets in the haul

Toff tat bazaar Sotheby's Home website has become the latest casualty of Magecart after a breach saw card-skimming code deployed by infosec rotters.

The auction house said it "became aware" of the intrusion on 10 October when an "unknown third party" accessed and "inserted malicious code".

This "depending on the security settings of your computer, may have transmitted personal information you entered into the website's checkout form to this third party".

Weeks ago Vision Direct admitted it had fallen foul of tricksters who slurped info as it was "being entered into the site". British Airways and Ticketmaster were hit by the same issue in September and June respectively. The attackers introduced code that skims data as it is typed.

As such, customer names, addresses, email addresses, payment card numbers, card expiration dates and CVV codes were potentially included in the data haul, the auction biz said.

Sotheby's told customers that upon realising the breach, it removed the malware, "which we believe was present on the website since at least March 2017". Sotheby's Home is the renamed website for Viyet, a luxury design online marketplace it acquired in February this year.

"Based on our investigation into this incident, however, we cannot be certain as to when the website was first victimised by this attack. Accordingly, in an abundance of caution, we are notifying all Sotheby's Home website customers (including those who made purchases on the Viyet website) that is it possible that their information has been accessed by an unauthorised party," the statement continued.

The malicious code was "promptly" expunged from Sotheby's Home website upon discovery, it said, and there has been "no evidence of continued risk of unauthorised data transmission". A security specialist is probing the events and "working with the website's payment processor about this incident".

Sotheby's said it had "implemented additional security safeguards" but didn't specify what these measures were.

In a statement sent to The Reg, the auction house said the Home website only serves clients in the US and said the chance of people elsewhere in the world being affected is "remote".

"We believe that the so-called Magecart threat group, which has targeted a large number of ecommerce sites, and which is known to have previously targeted other companies whose website use the same software Sotheby's Home was using at the time, was responsible for the incident." ®

More about


Send us news

Other stories you might like