Volusion's online stores scam results in card data surfaced on the dark web


In September-October 2019, hackers planted malware to steal card data from 6,589 online stores. The stolen card info relates to a security breach that ZDNet reported in October 2019. At the time, hackers breached the servers of Volusion, a Shopify-like platform that provides hosting for online stores. As one of the company's servers was breached, hackers placed malicious JavaScript code that was eventually loaded on some of the Volusion's customer stores. The malicious code recorded payment card details entered in checkout forms.

The Volusion hack was discovered on 8 October 2019, but Gemini researchers said in a report that the breach dated back on 7 September. Also they found the malicious code to only 6,589 of Volusion's stores, reducing the impact of the breach's initially reported size of 20,000 potentially impacted stores. Gemini Advisory noted that the stolen card data was uploaded in November 2019, on a dark web hacking forum where it has been up for sale ever since. For now, Gemini Advisory tracked 239,000 CNP records back to Volusion-based stores, and they suggested that some of the card details have been sold, estimating that the hackers made nearly USD 1.6 million in revenue.
the paypers logo

The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.

 

The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.

 



No part of this site can be reproduced without explicit permission of The Paypers (v2.7).

Privacy Policy / Cookie Statement

Copyright