[BreachExchange] Card data from the Volusion web skimmer incident surfaces on the dark web

Destry Winant destry at riskbasedsecurity.com
Fri Mar 13 10:02:23 EDT 2020


https://www.zdnet.com/article/card-data-from-the-volusion-web-skimmer-incident-surfaces-on-the-dark-web/

Card data stolen last year from Volusion-hosted online stores has
surfaced on the dark web, Gemini Advisory, a threat intel firm
specialized in fraud detection, reported today.

The stolen card data relates to a security breach that ZDNet reported
last year, in October 2019.

At the time, hackers breached the servers of Volusion, a Shopify-like
platform that provides hosting for online stores.

Hackers breached one of the company's servers and placed malicious
JavaScript code that was eventually loaded on some of the company's
customer stores.

The malicious code, as analyzed and confirmed by multiple parties,
recorded payment card details entered in checkout forms.

EXACT NUMBER OF IMPACTED STORES: 6,589

The Volusion hack was discovered on October 8, 2019, but Gemini
researchers said today in a report shared with ZDNet that the breach
dated back to a month earlier, on September 7.

Furthermore, researchers also said they found the malicious code on
only 6,589 of Volusion's stores, reducing the impact of the breach's
initially reported size of 20,000 potentially impacted stores.

However, while the breach was smaller, it wasn't less impactful.
Gemini Advisory said today the stolen card data was uploaded a month
later, in November 2019, on a dark web hacking forum where it has been
up for sale ever since.

Gemini Advisory said it suspects that hackers might have gotten their
hands on almost 20 million payment card details during last year's
hack, but, for now, it only tracked 239,000 Card Not Present (CNP)
records back to Volusion-based stores.

Some of the card details have been sold, Gemini said, estimating that
the hackers made nearly $1.6 million in revenue.

In a subsequent report following ZDNet's coverage, Trend Micro later
attributed the hack to a group known as FIN6, also believed to have
been behind other web-skimming (Magecart) incidents, such as British
Airways and retail giant Newegg.

A Volusion representative was not immediately available for comment.

