Computer criminals have been able to breach the Volusion cloud-based online provider. The attack was made by an unknown hacking group and according to the reports they have been able to acquire payment card data that is stored on their servers.
Payment Card Data Stolen From Volusion Cloud Servers
The popular cloud-based services provider Volusion is a well-known company which provides the infrastructure needed in order to process online transactions. A recent breach has exposed the payment card data of of more than 20,000 customers who have purchased goods from shops that use their services. The total number of affected stores is over 6,500 and the exact figures are not known at the moment. The service posted a public press release which gave details about the incident. The hack was confirmed by an independent security company and reveals further information about the incident.
Their investigation reveals the way the hackers have been able to break through the defenses. It appears that the method of intrusion is a modified JavaScript file which was uploaded to the platform. It includes a malware code that has been found to hijack the card details which were entered into the online form fields.
The security researchers classify this incident as a online card skimming which is the web-based variant of this offline practice. Such attacks have increased noticeably in the last few years as computer groups have upgraded their toolkits that use automated exploits to take down target networks. The exact mechanism is because the criminals have embedded older version of the service code into their content management systems. In most cases these are plugins or connection code that allows the site owners to add extra functionality such as the following: analytics, widgets, advertisement networks, extra buttons and etc.
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: