Forbes Becomes Latest Victim of Magecart Payment Card Skimmer

Posted on May 18, 2019

Forbes Becomes Latest Victim of Magecart Payment Card Skimmer

The web skimming script was recently found stealing payment data on the websites of Forbes Magazine as well as seven others. The payment card-siphoning Magecart group has struck again; this time injecting web-skimming scripts into the subscription website for the Forbes print magazine (as well as a slew of others over the past week). The script, which has since been removed, was discovered on the subscription page of the Forbes Magazine website on Wednesday, scraping up the payment data of subscribers.

It should be noted that the affected Forbes Magazine subscription page ( is a separate website from the Forbes online news outlet ( The impacted website was taken down shortly after the problem was discovered; and remains down while Forbes works with third parties to clean up the site, a Forbes spokesperson told Threatpost. The spokesperson said that Forbes is fairly confident that no one was impacted by the skimmer.

Forbes isn’t the only recent victim of the infamous Magecart group: In just the last week, Magecart web skimmers have also been discovered on at least seven other websites – with the majority of compromises occurring around May 10. Those affected were: Content management system CloudCMS and analytics provider Picreel (both discovered by security researcher Willem de Groot), as well as ad platform provider AdMaxim, analytics tech supplier RYVIO, ad provider AppLixir, supplier eGain and content-marketing supplier Growth Funnel.