Online ordering platforms for restaurants offer the convenience for customers to make online food orders as well as in-store touch screen menu choices and payments. This allows restaurants to outsource the burden of developing an ordering system. High end online ordering systems such as those used by Uber Eats and DoorDash dominate the market, there are also hundreds of smaller online ordering platforms that serve small, local restaurants.
These smaller scale platforms could service hundreds of restaurants as clients. Online ordering platforms have become a high-value target for cyber threat actors conducting Magecart e-skimmer attacks because compromising a single online ordering platform typically results in the exposure of online transactions performed at a significant portion of other restaurants that also use the platform.
Two active Magecart campaigns are targeting restaurants using MenuDrive, Harbortouch, and InTouchPOS online ordering services. At least 50,000 credit cards were compromised and listed for sale on the dark web, impacting over 300 small businesses.
Magecart attacks are web-based credit card skimming operations in which malicious JavaScript code is injected into the payment portals of websites or third-party dependencies to steal credit card data as customers complete the checkout process.
Since November, a campaign has targeted InTouchPOS with a card skimmer that overlays a fake payment form onto the shopping cart’s checkout page.
MenuDrive and Harbortouch are targeted in a separate campaign that began in January. In these attacks, card skimming malware is implanted into both the restaurant’s website and its subdomain on the online payment service’s platform. On MenuDrive, threat actors use two different scripts to harvest credit card information and the cardholder’s name, email address, and phone number. A single script is used on Harbortouch to collect the same information.
Attacks against all three platforms are ongoing.
One recent victim of the restaurant, touch-screen credit card fraud told reporters on Monday, “It’s crazy, I looked at my credit card statement, and I noticed 65,000 orders of hamburgers and 95,000 orders of french fries were recently charged to my credit card!”
The victim added: “I’m no fool, I’ve heard of restaurant credit card fraud, but 65,000 hamburgers! Come on, that’s insane!”
“I definitely love fast food,” the victim went on to say, “in fact I eat all of my meals at the fast food joint right around the corner, but I can’t eat 65,000 hamburgers in one shot; I can’t even that much over the course of a year, even without the buns!”
Investigators are still searching for the perpetrators of this crime. However, online detective, Mr. George Clickstein, issued a statement on Monday asking all online restaurant customers to be on the lookout for a heavy-set fellow carrying roughly 75,000 orders of hamburgers and approximately 94,000 orders of french fries in a black and white knapsack, slung around his shoulder.
“Initial reports indicate that there is plenty of grease oozing out from his knapsack,” Detective Clickstein said. “Also, if you think you’ve spotted the suspect, make sure to analyze his chin, because we’ve had reports of a man in his late 30s carrying an oversized knapsack with tons of grease dripping down his chin.”
Mr. Clickstein also shot down online rumors that the man behind this massive hamburger theft is none other than the six-time champion of the Nathan’s Hot Dog Eating Contest, Takeru Kobayashi.
“No, it’s not him, the online detective said, “he’s into hot dogs – burgers, not so much. And he doesn’t need to steal the burgers. He gets free offers all the time.”
Glad to see your writers are back from the Ketskills.
Why not post that most stores in Lakewood do not use the online ordering services that were breached.
Yet. Would you feel comfortable paying your tickets, taxes and permits, etc., by the Municipal Building Kiosk?
FYI: Any point of sale system could be breached. If Target, Walmart and Amazon could be huge famous hacks kal v’chomer so can Mom & Pop stores. Most stores I can see are taking orders online these days.