Two important pages of Macy’s website was hacked for one week in October. During that period your credit card details and other information may have been stolen. You were only impacted if you went to the checkout page or your wallet page. Any information entered, including credit cards was sent to the criminals between October 7th, 2019 and October 15th, 2019 when they detected and removed it.

How was Macys hacked? The information given makes it sound like persistent XSS, which means code in a computer language called Javascript was entered into an area that accepts information and was saved and stored with all the other information. It then contacted the hackers and sent any to the hackers system with the information, until it was removed.

This type of hack truly is trivial for most hackers to do, but we’re glad Macy’s detected it and removed it in a week.