Crooks have injected malicious code into 5925 online stores, enabling them to steal payment card details, according to a Dutch developer.
De Groot scanned a batch of 255,000 online stores last November, when he first heard about the scam. At the time he found 3501 compromised sites but by this September the number of victims had risen to 5925 and included Audi, pop star Bjork and Washington Cathedral.
Separately, fashion retailer Vera Bradley says that it has been told by law enforcement about a data breach that puts customer card details at risk. Cards used at the firm's shops between the end of July and end of September may have been affected.
Crooks appear to have accessed Vera Bradley's payment processing system and installed a program designed to find card numbers, cardholder names, expiration dates, and internal verification codes via mag stripes.