Tens of thousands of customers may have had their credit card information stolen in a data breach affecting at least 6,500 online stores
- A hack on a software company has endangered credit card data for thousands
- The attack targeted at least 6,500 online stores including one for Sesame Street
- The hacked company, Volusion, provides infrastructure for 30,000 merchants
Hackers may have absconded with tens of thousands of online shoppers’ credit card information in an attack on cloud infrastructure company, Volusion.
According to ZDNet, multiple cyber security firms have confirmed the hack on Volusion, a software company that claims to provide infrastructure for more than 30,000 merchants.
Among the affected parties are the Sesame Street Live online store which sells various merchandise from the popular kids show and the official website for the late painting icon, Bob Ross.
A list of the confirmed affected stories can be viewed here.
Hackers breached a cloud infrastructure company that boasts more than 30,000 customers in an attempt to scrape credit card information from online stores (Stock photo)
ZDNet reports that hackers were able to steal the credit card information of online customers by inserting malicious code into Volusion’s servers.
That code was designed to record and transfer credit card numbers entered into online forms and was embedded into Volusion’s servers this week.
MailOnline’s request for comment on the breach was not returned before time of publication.
According to ZDNet, the hack qualifies as what’s known as a Magecart attack in which attackers are able to skim card information from a website.
The number of such hacks has been increasing, researchers say, and has affected more than 18,000 online stores in the pas few months.
A now infamous Magecart attack on British Airways compromised nearly 400,000 customers’ credit car information last year.
According to the security firm RiskIQ, Magecart hacks have become particularly perilous for e-commerce companies since they often don’t have access to the underlying code that runs their online stores.
This allows hackers to remain undetected in servers for long periods of time that can range from weeks, to months, or even years.
‘Skimming code can exist on a breached website for weeks, months, or even indefinitely, victimizing any visitor that makes purchases on that site,’ writes RiskIQ.