Volusion's online stores scam results in card data surfaced on the dark web

Monday 16 March 2020 12:31 CET | News

Card data stolen in 2019 from Volusion-hosted online stores has surfaced on the dark web, threat intel company specialised in fraud detection Gemini Advisory reported.

In September-October 2019, hackers planted malware to steal card data from 6,589 online stores. The stolen card info relates to a security breach that ZDNet reported in October 2019. At the time, hackers breached the servers of Volusion, a Shopify-like platform that provides hosting for online stores. As one of the company's servers was breached, hackers placed malicious JavaScript code that was eventually loaded on some of the Volusion's customer stores. The malicious code recorded payment card details entered in checkout forms.

The Volusion hack was discovered on 8 October 2019, but Gemini researchers said in a report that the breach dated back on 7 September. Also they found the malicious code to only 6,589 of Volusion's stores, reducing the impact of the breach's initially reported size of 20,000 potentially impacted stores. Gemini Advisory noted that the stolen card data was uploaded in November 2019, on a dark web hacking forum where it has been up for sale ever since. For now, Gemini Advisory tracked 239,000 CNP records back to Volusion-based stores, and they suggested that some of the card details have been sold, estimating that the hackers made nearly USD 1.6 million in revenue.

Source: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords:	cards, data, Volusion, web skimmer, dark web, online stores, fraud detection, malware, CNP, payment card, card data
Categories:	Fraud & Financial Crime
Companies:
Countries:	World

This article is part of category

Fraud & Financial Crime

::: more

Free Headlines	::: subscribe now
RSS	::: follow ThePaypers via RSS ::: connect
LinkedIn	::: connect with ThePaypers on LinkedIn ::: connect
Twitter	::: follow ThePaypers on Twitter ::: follow
Facebook	::: like ThePaypers on Facebook ::: like

Volusion's online stores scam results in card data surfaced on the dark web

Free Headlines in your E-mail

Fraud & Financial Crime

Voice of the Industry

Industry Spotlight – ISO 20022: the catalyst for payments modernisation

Indonesia: 2025 analysis of payments and ecommerce trends

Fast fashion brands partner with PSPs to gain consumer trust

What's ahead for banking with the European Digital Identity Wallet

Tokenized trust: rethinking corporate KYC with digital identity tokens

Interviews

Riverty's take on debt purchase and upcoming regulations to boost financial healthcare

Responsible lending and the challenges of fraud in this industry

[Video interview] Finance & data privacy: why verifiable proofs matter more than sensitive data – insights with Anthony Day

The future of real-time payments

Strategies to ensure customer retention | Exclusive interview with foodora

Industry Events

The Paypers

This Site

Contact Information

Legal Information