Security reports describe a web-skimming campaign that abused a deprecated Stripe API to validate stolen credit card data from compromised ecommerce sites.
Основний текст
Читай текст у контексті й натискай підсвічені слова, щоб відкрити переклад, транскрипцію та дії зі словником.
Vocabulary:10(✓0+0-10)
knownlearningnew
Hackers have been abusing a in a that steals credit card data from checkout pages on compromised ecommerce sites. Security researchers say the attack does not appear to be a of Stripe itself, but a misuse of an older Stripe by criminals who first infect online stores.
The campaign targeted sites with malicious checkout code, often described as a . When a shopper entered payment details, the skimmer collected the card number and other information. The unusual part was what happened next: the attackers used Stripe’s Sources API to whether the stolen card data was likely to work.
That made the operation more efficient. Instead of stealing large lists of untested cards, criminals could filter out bad data before sending the useful card details to their own servers. Researchers said this made the skimmer quieter, cleaner, and harder for merchants to notice quickly.
Stripe has moved developers toward newer payment APIs, and security reports urged merchants to migrate away from . Older endpoints can remain attractive to attackers because they may still accept certain calls, even after better tools and safer flows become the standard recommendation.
For businesses, the incident is a reminder that payment security is not only about choosing a trusted provider. Merchants must also keep plugins, checkout code, and integrations updated. A strong payment company cannot fully protect a store if the store’s own website is already infected.
For shoppers, the practical advice is familiar but important: watch card statements, use bank alerts, and be careful with stores that look broken or unfamiliar at checkout. Most customers cannot see a skimmer in the page code, so the fastest warning may be an unexpected charge.
The case also shows why old APIs can become a security risk long after a better replacement exists. In payments, legacy systems are not just ; they can become tools criminals use to test and move stolen financial data.
Вправи
Перевірте розуміння тексту, ключову лексику та зміст уроку після читання.
Після перегляду визнач, чи правильне твердження
Визнач, чи твердження правдиві.
Щоб виконувати завдання, увійдіть в акаунт.
Вибери правильний варіант відповіді
Вибери правильну відповідь.
Щоб виконувати завдання, увійдіть в акаунт.
Обговорення
щоб коментувати, лайкати відповіді та скаржитися на коментарі.
Fake CAPTCHAs Turn Routine Verification Into a Malware Trap
Обговорення
щоб коментувати, лайкати відповіді та скаржитися на коментарі.