Thousands of customers may have had their credit card data stolen in a hack on 6,500 online stores

Tens of thousands of customers may have had their credit card information stolen in a data breach affecting at least 6,500 online stores

A hack on a software company has endangered credit card data for thousands
The attack targeted at least 6,500 online stores including one for Sesame Street
The hacked company, Volusion, provides infrastructure for 30,000 merchants

Published: 22:43 BST, 8 October 2019 | Updated: 22:43 BST, 8 October 2019

Hackers may have absconded with tens of thousands of online shoppers’ credit card information in an attack on cloud infrastructure company, Volusion.

According to ZDNet, multiple cyber security firms have confirmed the hack on Volusion, a software company that claims to provide infrastructure for more than 30,000 merchants.

Among the affected parties are the Sesame Street Live online store which sells various merchandise from the popular kids show and the official website for the late painting icon, Bob Ross.

A list of the confirmed affected stories can be viewed here.

Hackers breached a cloud infrastructure company that boasts more than 30,000 customers in an attempt to scrape credit card information from online stores (Stock photo)

ZDNet reports that hackers were able to steal the credit card information of online customers by inserting malicious code into Volusion’s servers.

That code was designed to record and transfer credit card numbers entered into online forms and was embedded into Volusion’s servers this week.

MailOnline’s request for comment on the breach was not returned before time of publication.

According to ZDNet, the hack qualifies as what’s known as a Magecart attack in which attackers are able to skim card information from a website.

WHAT IS A MAGECART ATTACK?

Magecart attacks are a type of hack that focuses on e-commerce.

Attackers typically target online stores with the goal of scraping and stealing credit card information.

The number of such attacks has been growing in recent years with many companies unaware that their servers have been compromised.

Hacks may persist for weeks, months, or even years without being noticed.

The number of such hacks has been increasing, researchers say, and has affected more than 18,000 online stores in the pas few months.

A now infamous Magecart attack on British Airways compromised nearly 400,000 customers’ credit car information last year.

According to the security firm RiskIQ, Magecart hacks have become particularly perilous for e-commerce companies since they often don’t have access to the underlying code that runs their online stores.

This allows hackers to remain undetected in servers for long periods of time that can range from weeks, to months, or even years.

‘Skimming code can exist on a breached website for weeks, months, or even indefinitely, victimizing any visitor that makes purchases on that site,’ writes RiskIQ.

HOW TO CHECK IF YOUR EMAIL ADDRESS IS COMPROMISED

Have I Been Pwned?

Cybersecurity expert and Microsoft regional director Tory Hunt runs ‘Have I Been Pwned’.

The website lets you check whether your email has been compromised as part of any of the data breaches that have happened.

If your email address pops up you should change your password.

Pwned Passwords

To check if your password may have been exposed in a previous data breach, go to the site’s homepage and enter your email address.

The search tool will check it against the details of historical data breaches that made this information publicly visible.

If your password does pop up, you’re likely at a greater risk of being exposed to hack attacks, fraud and other cybercrimes.

Mr Hunt built the site to help people check whether or not the password they’d like to use was on a list of known breached passwords.

The site does not store your password next to any personally identifiable data and every password is encrypted

Other Safety Tips

Hunt provides three easy-to-follow steps for better online security. First, he recommends using a password manager, such as 1Password, to create and save unique passwords for each service you use.

Next, enable two-factor authentication. Lastly, keep abreast of any breaches

READ SOURCE