Hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code that records and steals payment card details entered by users in online forms.
More than 6,500 stores are impacted, but the number could be even higher. In a press release published last month, Volusion claimed it had more than 20,000 customers. The most notable compromise is the Sesame Street Live online store, which has been taken down earlier today after another journalist reached out. At the time of writing, the malicious code is still on Volusion’s servers and is still being delivered to all of the company’s client stores.
Hackers breach Volusion, a cloud-based provider of online stores, to collect card details from thousands of site
—up to 6.5k stores impacted (including Sesame Street online store)
—hackers altered a JS file hosted on the company's Google Cloud accounthttps://t.co/UTOZZ9Af0O pic.twitter.com/DpR85XaZe3
— Catalin Cimpanu (@campuscodi) October 8, 2019
Experts have commented on the breach below:
Experts Comments
Linkedin Message
@Tim Erlin, VP of Product Management and Strategy , provides expert commentary at @Information Security Buzz.
"Data shows that since the introduction of EMV or chip cards, fraud has actively moved from card-present to card-not-present...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-comments-on-hackers-steal-card-details-from-thousands-of-volusion-sites
Facebook Message
@Tim Erlin, VP of Product Management and Strategy , provides expert commentary at @Information Security Buzz.
"Data shows that since the introduction of EMV or chip cards, fraud has actively moved from card-present to card-not-present...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-comments-on-hackers-steal-card-details-from-thousands-of-volusion-sites
Linkedin Message
@Javvad Malik, Security Awareness Advocate, provides expert commentary at @Information Security Buzz.
"It\'s unclear how the Google services of Volusion were compromised...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-comments-on-hackers-steal-card-details-from-thousands-of-volusion-sites
Facebook Message
@Javvad Malik, Security Awareness Advocate, provides expert commentary at @Information Security Buzz.
"It\'s unclear how the Google services of Volusion were compromised...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-comments-on-hackers-steal-card-details-from-thousands-of-volusion-sites
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Felix Rosbach, Product Manager, provides expert commentary at @Information Security Buzz.
"Payment card details are extremely valuable data sets as fraud is easy to commit with stolen card information...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-comments-on-hackers-steal-card-details-from-thousands-of-volusion-sites
Facebook Message
@Felix Rosbach, Product Manager, provides expert commentary at @Information Security Buzz.
"Payment card details are extremely valuable data sets as fraud is easy to commit with stolen card information...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-comments-on-hackers-steal-card-details-from-thousands-of-volusion-sites