Security researchers discovered magecart skimming malware on Forbes magazine subscription website.
The malicious code was spotted by security researcher Troy Mursch, co-founder of Bad Packets on May 15.
The script steals users card numbers, expiry date, CVV/CVC verification codes, names, addresses, phone numbers and email.
The payment page was taken down at around 1400 UTC May 16 and is still offline.
A Forbes spokesperson told El Reg that the investigation is still ongoing and till there is no evidence that any of the user’s card information was stolen.
They also advised recent subscribers to be aware and check their account transactions for any fraudulent activities.
According to reports, there are possibilities the Forbes could be the Victim of the recent supply chain attack.
Earlier this week security researcher Willem de Groot reported that hackers compromised Open source Alpaca Forms and analytics service Picreel and infected over 4,600 websites with malicious code.
Forbes is one of the customers of Picreel and more than 1200 records of Picreel customers was leaked online. Hackers may have used leaked data to inject skimmer to script to Forbes website.
You may be interested in reading: WhatsApp Critical Flaw Allowed Installation of Spyware on to Phones