A hacker has stolen at least 31 SQL databases containing 1,620,000 (1.6 million) rows of information relating to the customers of online shops.
The hacker is offering samples of the data which, depending on the online shop, may reveal full names, usernames, email addresses, dates of birth, physical addresses, gender, account status, history and more, from each of the extorted e-commerce websites to prove the validity of the data and ramp up the pressure that is exerted on the database owners.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
At ImmuniWeb, we first detected a database encrypting ransomware attack in 2015.
Since then, both the number and the sophistication of such attacks has skyrocketed. Many cyber gangs now leverage Machine Learning capabilities to better and faster detect outdated web applications in the Internet. They rapidly compromise, backdoor and even patch the vulnerability in a silent and seamless manner to preclude rival hacking groups from taking over the victim’s website. In today\’s pandemic bolstered e-commerce sector, however, most of the newly deployed web applications are insecure and vulnerable. We will likely see a protracted surge of new attacks targeting careless web shops. Most of them are unfortunately poised to be highly successful, and costly for the victims.
To help address the spiraling web hacking activities of this kind, at ImmuniWeb we offer a free website security test to check compliance with GDPR and PCI DSS requirements and tests for over 12,000 security vulnerabilities for 200+ CMS and 150,000+ their plugins.