Card data stolen from the Volusion security breach surfaces on the dark web


Security experts have discovered that card data stolen last year from Volusion-hosted online stores is now available for sale on the dark web.

Experts from the threat intel firm Gemini Advisory have discovered that card data stolen last year from Volusion-hosted online stores has surfaced on the dark web.

Volusion is a privately-held technology company that provides e-commerce software and marketing and web design services for small and medium-sized businesses. The company has over 250 employees and has served more than 180,000 customers since its founding in 1999.

In October 2019, hackers compromised the infrastructure of Volusion and distributed malicious software skimmers to steal payment card data provided by users. At the time of the attack, experts reported that more than 6,500 stores had been hacked, but they speculated that tens of thousands of e-commerce platforms may have been compromised.

“Analysts discovered 239,000 compromised Card Not Present (CNP) records offered for sale in the dark web from November 2019 to the present. They affected hundreds of different merchants with websites linking to the 6,589 online stores compromised by the Volusion breach.” reads the report published by Gemini Advisory. “Fraudsters have currently generated $1.6 million USD in revenue from these stolen payment cards, with the breach potentially exposing up to 20 million records.”

The discovery of the skimmer was made by Check Point security researcher Marcel Afrahim, who shared his findings in a blog post on Medium.

While analyzing the checkout page, the expert noticed that all the resources were loaded from sesamestreetlivestore.com or volusion.com-affiliated websites, except for an odd JavaScript file loaded from storage.googleapis.com with the bucket name volusionapi.

This suggests that hackers gained access to the Google Cloud infrastructure of Volusion, where they were able to inject into a JavaScript file the malicious code that siphons payment card details.

The compromised script was located at https://storage.googleapis.com/volusionapi/resources.js and is loaded on Volusion-based online stores via the /a/j/vnav.js file.
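The out-of-pattern script origin the researcher noticed can be checked automatically over a HAR capture of a checkout page load, together with a hash comparison that catches a modified script body. This is an added example, not code from the article, Gemini Advisory or Volusion; the HAR entries, script bodies, baseline hash and the `/v/logo.png` path are constructed, while the hosts and script paths are the ones named above.

```python
import hashlib
import json
from urllib.parse import urlsplit

FIRST_PARTY = ("sesamestreetlivestore.com", "volusion.com")  # domains named in the article
SHARED_HOSTS = {"storage.googleapis.com"}  # multi-tenant host: ownership is decided by the bucket
SCRIPT_URL = "https://storage.googleapis.com/volusionapi/resources.js"

# Constructed HAR 1.2 excerpt (sample data, not a real capture); bodies assumed plain text.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://sesamestreetlivestore.com/a/j/vnav.js"},
     "response": {"content": {"mimeType": "application/javascript", "text": "/* nav */"}}},
    {"request": {"url": SCRIPT_URL},
     "response": {"content": {"mimeType": "text/javascript", "text": "/* modified */"}}},
    {"request": {"url": "https://sesamestreetlivestore.com/v/logo.png"},
     "response": {"content": {"mimeType": "image/png"}}},
]}})
# Constructed baseline: hash of the script body recorded at the last reviewed release.
BASELINE = {SCRIPT_URL: hashlib.sha256(b"/* reviewed */").hexdigest()}

def is_first_party(host):
    return any(host == d or host.endswith("." + d) for d in FIRST_PARTY)

def audit_scripts(har_text, baseline):
    """Flag JavaScript responses served off-origin or whose body hash drifted."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        content = entry["response"].get("content", {})
        if "javascript" not in content.get("mimeType", "").lower():
            continue  # this audit only looks at script responses
        url = entry["request"]["url"]
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        if host in SHARED_HOSTS:
            bucket = parts.path.lstrip("/").split("/", 1)[0]
            reasons.append(f"shared storage host, bucket '{bucket}'")
        elif not is_first_party(host):
            reasons.append("third-party host")
        if "text" in content and url in baseline:
            digest = hashlib.sha256(content["text"].encode()).hexdigest()
            if digest != baseline[url]:
                reasons.append("content hash differs from baseline")
        if reasons:
            findings.append({"url": url, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_HAR, BASELINE):
        print(f["url"], "->", "; ".join(f["reasons"]))
```

Because the script is pulled in through `/a/j/vnav.js`, the audit works on recorded network requests rather than on the `<script>` tags in the page source.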

Now, a new report reveals that hackers collected $1.6 million from selling more than 239,000 payment card records on the dark web that were stolen from 6,589 compromised stores.

Gemini Advisory reported that attackers have been selling the card data stolen from the Volusion infrastructure since November.

According to experts from Trend Micro, the attack was carried out by the cybercrime group tracked as FIN6 and likely started on September 7, 2019.

According to the researchers, the security breach may have exposed up to 20 million records, with a potential maximum value of $133 million USD.

“Given this figure, the maximum profit potential would be as high as $133.89 million USD. The overwhelming and continually rising dark web demand for CNP records indicates a staggering profit potential for the perpetrators of this security incident.” continues the report.

The analysis of the impacted domains reveals that 5,893 were registered in the U.S., followed by 183 registered in Canada.

According to Gemini Advisory, 98.97% of the 239,000 records already sold on the dark web were related to cards issued in the US.

“As more records make their way to the dark web and more merchants are confirmed to have been compromised via Volusion, the full extent of what is likely to be one of the largest and most wide-ranging supply-chain breaches to date will become clear.” concludes the report.


Pierluigi Paganini

(SecurityAffairs – hacking, Volusion)
