The malware used in this attack, Magecart, has been used in dozens of other high-profile incidents.

Magecart, a loose affiliation of attack groups responsible for payment-card attacks on Ticketmaster, Forbes, British Airways, Newegg and others, typically inserts virtual credit-card skimmers, also known as formjacking, into a web application (usually the shopping cart), stealing credit card information to sell on the black market.

The party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web-development services.