There's a technical foul on the Hawks' website, says a security analyst. The team says it's investigating.
The Atlanta Hawks may be good at defense on the court, but a security researcher found a different story online.
The Atlanta Hawks need to play better defense online after a security researcher discovered malware in the basketball team's online store.
The website for the Hawks, the 12th-ranked team in the NBA's Eastern Conference, was infected with malware designed to steal credit card information, said Willem de Groot, lead forensic analyst for Sanguine Security.
De Groot said he first spotted the malware April 20 and that it was stealing the names, addresses and credit card numbers of Hawks fans. He said he notified the team on Tuesday and that the malware is still active on the website.
"We take these threats seriously and are investigating," a Hawks spokesperson said.
The malware represents the latest example of a credit-card skimming scam that's gained steam over the last few years. During the last several months, Newegg, British Airways and Ticketmaster UK were among the victims of the same type of attack, perpetrated by Magecart, the world's largest credit card-skimming operation, made up of different hacking groups.
De Groot said Magecart, which targets popular online stores with security vulnerabilities, also hit the Atlanta Hawks site.
"The frequency of hacked stores has gone down somewhat. However, the volume of stolen transactions apparently has gone up," de Groot said. "They seem to have shifted from hacking many small stores (automated breaches) to manual breaches of larger, more profitable targets."
The Atlanta Hawks shop boasted 7 million visits in one year and has more than 1.2 million followers on Twitter.
De Groot said he was able to spot the malware embedded on the Hawks' website through a Magecart detection engine he developed, which searches stores online for active payment skimmers. He said the tool finds about 50 to 150 compromised stores per day.
He tested out the malware by using fake credentials to order an Atlanta Hawks hat. De Groot said he found code on the Hawks' website that was logging his keystrokes as he entered the numbers in the payment form, with the data being sent to a domain name first registered March 25 and hosted by a provider popular with online criminals.
"The Magecart signature theft is to steal payment data, right when a customer enters them. Because at this stage, nothing has been encrypted yet, and the typical customer has no way of knowing that his data get siphoned off," he said in a message.
It's still unclear how the hackers gained access to the Atlanta Hawks' website, but de Groot said it's likely they didn't have to. In previous attacks, Magecart was able to compromise third-party tools that shops used, and infiltrate through those plug-ins.
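One check a store operator can run against the pattern described above, where a script tied to a third-party tool sends payment-form data to an unfamiliar domain, is to inventory where the checkout page loads its scripts from. This is an added example, not code from the article or from de Groot's detection engine; the store URL, allowlist and markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed values: a hypothetical store and the script hosts it expects.
PAGE_URL = "https://shop.example.com/checkout"
ALLOWED_HOSTS = {"shop.example.com", "js.payments.example"}

# Constructed checkout markup, not taken from any real site.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3.js"></script>
<script src="//cdn.widgets.example/chat.js"></script>
<script src="http://shop.example.com/legacy.js"></script>
<script src="https://shop.example.com.stats.example/t.js"></script>
</head><body><form id="payment"></form></body></html>
"""


class ScriptSources(HTMLParser):
    """Collect the src attribute of every <script> tag on the page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def audit_checkout(html, page_url=PAGE_URL, allowed_hosts=ALLOWED_HOSTS):
    """Return (url, reason) for each script a reviewer should look at."""
    parser = ScriptSources()
    parser.feed(html)
    findings = []
    for src in parser.sources:
        url = urljoin(page_url, src)  # resolves relative and //host forms
        parts = urlparse(url)
        if parts.scheme != "https":
            findings.append((url, "not loaded over https"))
        elif parts.hostname not in allowed_hosts:  # exact match, no substrings
            findings.append((url, "host not on allowlist"))
    return findings


if __name__ == "__main__":
    for url, reason in audit_checkout(SAMPLE_CHECKOUT_HTML):
        print(f"{reason}: {url}")
```

This only inventories where scripts load from; code injected inline or into a file served from an allowlisted host would not appear in the findings.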