The technique, known as Magecart, has grown in popularity among hackers for its mix of relative simplicity and effectiveness. They don’t have to do much more than insert rogue scripts (pointed to remote command-and-control servers) and wait for people to go shopping. From there, they can use the info to make fraudulent purchases, make clone cards and sell the data on the black market.

Don’t expect these kinds of attacks to subside any time soon. They’ve been used against numerous major brands, including British Airways, Newegg and Ticketmaster. Until online stores are airtight against techniques like Magecart, they’ll be tempting targets.