Published Oct 29, 2019

Hackers Target American Cancer Society’s Online Shop– Don’t Stop Giving, But Be Wary of Credit Card Theft

Details

What could be worse than having your credit card information stolen online and sold on the dark web? Having it happen while you’re trying to support an organization dedicated to eliminating cancer. The American Cancer Society’s online store was hacked late last week, according to TechCrunch. TechCrunch’s reporting is based on a report from the security research William de Groot, who works for a company called eComscan, which scans online stores for malware. In a scan of the code on the American Cancer Society’s website, de Groot reported that he found that the cancer society’s store had code designed to scrape credit card payments from people making purchases on the page.

According to de Groot, as reported in TechCrunch, the hackers, known as Magecart, have used similar methods of hacking to target big online purchase companies, such as British Airways, Ticketmaster, and others. Magecart is known to use the credit card numbers they steal to sell on the dark web and to commit fraud. The domain used for this hack was registered in Moscow.

RELATED: Outrage As New Study Finds Some of the Deadliest Cancers Receive Least Funding for Research Inaccurate Stigmas Partially to Blame

SurvivorNet reached out to the American Cancer Society for comment, and the organization’s media director, Kathi DiNicola, said that the situation is under investigation. According to TechCrunch, De Groot reached out to the American Cancer Society to report the bad-acting code as soon as he spotted it on Thursday, and by Friday it had been removed. But the ACS has not yet revealed how many people were affected by the hack, and for how long the malware was active on the site. Regardless, TechCrunch advises “anyone who entered information through the American Cancer Society late last week should contact their payments provider.”

Why Would Russian Hackers Target a Benevolent Cancer Organization?

While it’s impossible to say for sure what the hackers’ motivations were in choosing the American Cancer Society as a hacking target rather than one of the myriad other large e-commerce sites out there. But more so than any sort of evil determination to steal from those who are trying to do something good — that is, play their part in preventing and treating cancer — it’s likely that the hackers saw an opportunity in the site’s reach and popularity.

Particularly in the month of October, when the American Cancer Society hosts the widely-attended “Making Strides Against Breast Cancer” walks across the country, the site gets a great deal of traffic. The online store (the part of the organization that was specifically hacked) sells popular pink Making Strides t-shirts that people can personalize to honor someone specific.

Learn more about SurvivorNet's rigorous medical review process.