How MageCart Attackers Bypassed Payment Fraud Detection at MyPillow

MageCart attackers compromised MyPillow.com's checkout between October and November 2018, injecting malicious JavaScript to steal credit card data before it reached payment processors. The client-side interception bypassed traditional fraud detection systems designed to monitor processed transactions. The attack exploited gaps in content security policies and client-side script validation that were commonplace in 2018 e-commerce infrastructure.

Published 5 days ago

Read at another depth

Intermediate Beginner

Recent briefs

See all briefs →

Europe's Gas Use Falls Below 2022 Levels—A Structural ShiftJune 4, 2026
Rio Tinto Puts One Executive in Charge of Its Global Iron OreJune 4, 2026
Somalia Holds Election After Constitutional Power StruggleJune 4, 2026
House Votes to End Iran Military Conflict After Months of GridlockJune 4, 2026
After 34 Years, Disneyland Paris Finally Turns ProfitableJune 4, 2026
Real Madrid's First Election Fight in 20 Years: A Star-Powered GambleJune 4, 2026
Congo's New Ebola Outbreak Tests Years of PreparationJune 4, 2026
UK Police Arrest Stabbing Victim Based on Attacker's False AccountJune 4, 2026