In another breach incident, hackers gained access to Volusion, an e-commerce website, and delivered a malware by which they can record and steal payment card details of the users.
According to ZDNet, the malware could have targeted more than 6500 stores, but the number can go higher. Hackers gained access to Volusion’s Google Cloud mechanism and then planted malware, which can record the card details of the users. Most affected from the attack was the Sesame Street Live online store, which was taken down.
Volusion was started by Kevin Sproles in 1999 and provided a platform to over 30,000 merchants, with 185 million orders and over 28 billion dollars in sales, through their online stores.
The malware, then quietly records the card details on the checkout page and can exist on the website for weeks at length. As per RiskIQ’s report, Magecart malware has been active for nearly ten years, after being discovered back in 2010 and since then has targeted over 18,000 websites.
However, this is the first time that the Magecart attacks have been traced to the Google Cloud infrastructure. Usually, the hackers target e-commerce websites which are outdated and exploit the vulnerabilities present in the sites. The hackers, sometimes, also target cloud-based websites which provide analytics, widgets and ads.
Breaches are commonplace in the digital world, and millions of users as well as several organisations — both government and private — have suffered because of it. In August, online marketplace Poshmark was breached, compromising personally identifiable data of an undisclosed number of users. Last month, DoorDash’s database was accessed by an unauthorised third-party, compromising 4.9 million users accounts.