Expert Comments

Experts Comments On Hackers Steal Card Details From Thousands Of Volusion Sites

Expert(s): Security Experts
Expert(s): Security Experts

Hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code that records and steals payment card details entered by users in online forms.

More than 6,500 stores are impacted, but the number could be even higher. In a press release published last month, Volusion claimed it had more than 20,000 customers. The most notable compromise is the Sesame Street Live online store, which has been taken down earlier today after another journalist reached out. At the time of writing, the malicious code is still on Volusion’s servers and is still being delivered to all of the company’s client stores.

Experts have commented on the breach below:

Experts Comments

October 09, 2019
Felix Rosbach
Product Manager
comforte AG
The times of “we are just a small store – hackers won’t target us” are over. Payment card details are extremely valuable data sets as fraud is easy to commit with stolen card information. When hackers are able to breach cloud-based platforms - like Volusion in this case - they gain access to a huge amount of data sets by targeting hundreds of stores with a single attack.
October 09, 2019
Tim Erlin
VP of Product Management and Strategy
Tripwire
Thousands of organizations have offloaded the work and the risk for processing eCommerce transactions to third parties like Volusion. The concentration of credit card data in one place makes for an attractive target. Data shows that since the introduction of EMV or chip cards, fraud has actively moved from card-present to card-not-present, or from the point of sale systems to online eCommerce. We’ve made it harder, though not impossible, to create counterfeit cards, and criminals have.....Read More
Thousands of organizations have offloaded the work and the risk for processing eCommerce transactions to third parties like Volusion. The concentration of credit card data in one place makes for an attractive target. Data shows that since the introduction of EMV or chip cards, fraud has actively moved from card-present to card-not-present, or from the point of sale systems to online eCommerce. We’ve made it harder, though not impossible, to create counterfeit cards, and criminals have shifted their attention to easier avenues of attack.  Read Less
October 09, 2019
Javvad Malik
Security Awareness Advocate
KnowBe4
Compromising the supply chain is a common tactic used by many attackers. We've seen many attacks over the years that look to inject malicious code into trusted settings, such as into mobile phone App stores, Wordpress plugins, or other widgets. This attack against Volusion follows the same methodology where by compromising the infrastructure, all underlying sites and users become vulnerable. It's unclear how the Google services of Volusion were compromised, but it reinforces the fact that no.....Read More
Compromising the supply chain is a common tactic used by many attackers. We've seen many attacks over the years that look to inject malicious code into trusted settings, such as into mobile phone App stores, Wordpress plugins, or other widgets. This attack against Volusion follows the same methodology where by compromising the infrastructure, all underlying sites and users become vulnerable. It's unclear how the Google services of Volusion were compromised, but it reinforces the fact that no type of company is immune from attacks and therefore need to ensure security is embedded throughout the culture of every company.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Data Hacked For 400,000 LA Patients

IKEA Suffering Ongoing “Reply-Chain” Email Attack

Cybersecurity Expert Reaction On UK’s Financial Regulator Scraps 90-day Authentication...

DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts