{"id":29215,"date":"2019-09-20T14:43:51","date_gmt":"2019-09-20T14:43:51","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/30514\/Hotel-Booking-Sites-Come-Under-Fire-From-Magecart.html"},"modified":"2019-09-20T14:43:51","modified_gmt":"2019-09-20T14:43:51","slug":"hotel-booking-sites-come-under-fire-from-magecart","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/","title":{"rendered":"Hotel Booking Sites Come Under Fire From Magecart"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/r\/2019\/09\/20\/f9752509-9f2f-45ee-8da9-1e8014868a82\/thumbnail\/770x578\/dd01347918b927b687736b06a9b20ea6\/screenshot-2019-09-20-at-09-50-32.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>A fresh wave of Magecart-linked attacks is taking place with the hotel booking websites becoming the latest victims.&nbsp;<\/p>\n<p>Earlier this week, cybersecurity firm Trend Micro said that in early September, <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/magecart-skimming-attack-targets-mobile-users-of-hotel-chain-booking-websites\/\" target=\"_blank\" rel=\"noopener noreferrer\">two hotel booking websites<\/a> &#8212; owned by separate chains &#8212; were being injected with a JavaScript-based card-skimmer.<\/p>\n<p>If the script was accessed remotely through a standard browser on a PC, loaded JavaScript was not malicious.&nbsp;<\/p>\n<p>However, if requested from a mobile device such as an Android or iOS handset, the &#8220;same link could also download a different script,&#8221; the team says, which is, in fact, a credit card skimmer.&nbsp;<\/p>\n<p>The injected code, which would appear on the payment page of the hotel websites, appears to have been active since August 9. Payment card details input by unwitting victims are harvested and sent to a remote server controlled by attackers.&nbsp;<\/p>\n<p>Trend Micro says the impacted websites did not host the code themselves, but rather it was found in scripts provided by the developer of the domains, Roomleader.&nbsp;<\/p>\n<p>Specifically, a JavaScript library called by Roomleader client websites uses a module called &#8220;viewedHotels.&#8221; The module is intended to be a way for saving viewed hotel information to visitor browser cookies but is, instead, serving malware. &nbsp;<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_ZD_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>Trend Micro says that while the number of websites affected is small, it is still significant considering one brand caters for 107 hotels, while the other supports 73 hotels. These establishments are located in a total of 28 countries.&nbsp;<\/p>\n<p>The skimmer itself is generic and copies data including names, email addresses, telephone numbers, and payment card details. However, an interesting element is the fact this Magecart-related attack removes any credit card information input into a booking page and replaces it with another, crafted version.&nbsp;<\/p>\n<p><strong>See also:&nbsp;<\/strong><a href=\"https:\/\/www.zdnet.com\/article\/old-magecart-domains-reincarnated-in-new-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">Old Magecart web domains resurrected for fraudulent ad schemes<\/a><\/p>\n<p>According to the team, there are two reasons for this which are most likely &#8212; the first being that some hotels will not ask for a CVV\/CVC security code until they arrive, and so by replacing the form, the threat actors can also attempt to secure this key data.&nbsp;<\/p>\n<p>Secondly, it may be due to booking pages that host payment information in a different domain using HTML iframes in a bid to aid security.&nbsp;<\/p>\n<p>&#8220;In this scenario, a regular JavaScript skimmer will not be able to copy the data inside the secure iframe,&#8221; Trend Micro says. &#8220;Therefore, the attacker removes the iframe of the secured credit card form and injects his own form so the skimmer can copy the information.&#8221;<\/p>\n<p>The injected code will check to see which language is in use &#8212; such as English, Spanish, or French &#8212; and will add a corresponding malicious credit card form.&nbsp;<\/p>\n<p><strong>CNET:&nbsp;<\/strong><a href=\"https:\/\/www.cnet.com\/videos\/the-pivot-to-privacy-could-come-with-a-100m-grant\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\">The pivot to privacy could come with a $100 million grant<\/a><\/p>\n<p>It is not known how many individuals may have been impacted. Trend Micro says that it is also difficult to determine whether or not this threat group has been involved in previous Magecart campaigns due to a lack of evidence provided by network infrastructure or code, but added that it is certainly &#8220;possible.&#8221;&nbsp;<\/p>\n<p>In the past, Magecart groups have been connected with card-skimmer attacks taking place against companies including <a href=\"https:\/\/www.zdnet.com\/article\/ticketmaster-breach-was-part-of-a-larger-credit-card-skimming-effort-analysis-shows\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ticketmaster<\/a>, <a href=\"https:\/\/www.zdnet.com\/article\/magecart-claims-another-victim-in-newegg-merchant-data-theft\/\" target=\"_blank\" rel=\"noopener noreferrer\">Newegg<\/a>, and <a href=\"https:\/\/www.zdnet.com\/article\/british-airways-cyberattack-data-theft-bigger-than-we-first-thought\/\" target=\"_blank\" rel=\"noopener noreferrer\">British Airways<\/a>.&nbsp;<\/p>\n<p>Researchers from RiskIQ recently documented a new trend related to Magecart &#8212; the purchase of old, sinkholed domains for new <a href=\"https:\/\/www.zdnet.com\/article\/old-magecart-domains-reincarnated-in-new-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">malvertising schemes<\/a>.&nbsp;<\/p>\n<p><strong>TechRepublic:&nbsp;<\/strong><a href=\"https:\/\/www.techrepublic.com\/article\/how-to-handle-the-public-disclosure-of-bugs-and-security-vulnerabilities\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\">How to handle the public disclosure of bugs and security vulnerabilities<\/a><\/p>\n<p>These domains are used to host malicious scripts called by infected websites, as well as to facilitate the theft of data. According to the researchers, once a domain has been recognized, sinkholed, and cut out of the attack chain, fraudsters wait until they also expire and are returned to the market by registrars.&nbsp;<\/p>\n<p>Once this occurs, these domains are purchased and the old JavaScript-based call routes are replaced not with card-skimming malware, but pages with advertisements &#8212; which suggests those behind this &#8216;secondary market&#8217; are attempting to cash-in on fraudulent advertising.&nbsp;<\/p>\n<p>ZDNet has reached out to Roomleader and will update if we hear back.&nbsp;<\/p>\n<h3>Previous and related coverage<\/h3>\n<hr>\n<p><strong>Have a tip?<\/strong> Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0<\/p>\n<hr>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/30514\/Hotel-Booking-Sites-Come-Under-Fire-From-Magecart.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":29216,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[5255],"class_list":["post-29215","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineprivacybankcybercrimedata-lossfraudbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hotel Booking Sites Come Under Fire From Magecart 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hotel Booking Sites Come Under Fire From Magecart 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-09-20T14:43:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/hotel-booking-sites-come-under-fire-from-magecart.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Hotel Booking Sites Come Under Fire From Magecart\",\"datePublished\":\"2019-09-20T14:43:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/\"},\"wordCount\":717,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/hotel-booking-sites-come-under-fire-from-magecart.png\",\"keywords\":[\"headline,privacy,bank,cybercrime,data loss,fraud,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/\",\"name\":\"Hotel Booking Sites Come Under Fire From Magecart 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/hotel-booking-sites-come-under-fire-from-magecart.png\",\"datePublished\":\"2019-09-20T14:43:51+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/hotel-booking-sites-come-under-fire-from-magecart.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/09\\\/hotel-booking-sites-come-under-fire-from-magecart.png\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hotel-booking-sites-come-under-fire-from-magecart\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,privacy,bank,cybercrime,data loss,fraud,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineprivacybankcybercrimedata-lossfraudbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Hotel Booking Sites Come Under Fire From Magecart\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hotel Booking Sites Come Under Fire From Magecart 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/","og_locale":"en_US","og_type":"article","og_title":"Hotel Booking Sites Come Under Fire From Magecart 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-09-20T14:43:51+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/hotel-booking-sites-come-under-fire-from-magecart.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Hotel Booking Sites Come Under Fire From Magecart","datePublished":"2019-09-20T14:43:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/"},"wordCount":717,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/hotel-booking-sites-come-under-fire-from-magecart.png","keywords":["headline,privacy,bank,cybercrime,data loss,fraud,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/","url":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/","name":"Hotel Booking Sites Come Under Fire From Magecart 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/hotel-booking-sites-come-under-fire-from-magecart.png","datePublished":"2019-09-20T14:43:51+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/hotel-booking-sites-come-under-fire-from-magecart.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/09\/hotel-booking-sites-come-under-fire-from-magecart.png","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/hotel-booking-sites-come-under-fire-from-magecart\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,privacy,bank,cybercrime,data loss,fraud,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineprivacybankcybercrimedata-lossfraudbackdoor\/"},{"@type":"ListItem","position":3,"name":"Hotel Booking Sites Come Under Fire From Magecart"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/29215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=29215"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/29215\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/29216"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=29215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=29215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=29215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}