In another breach incident, hackers gained access to Volusion, an e-commerce website, and planted malware that can record and steal users' payment card details.
According to ZDNet, the malware could have targeted more than 6500 stores, but the number could be higher. Hackers gained access to Volusion's Google Cloud infrastructure and then planted malware that can record users' card details. The most affected was the Sesame Street Live online store, which was taken down.
Volusion was started by Kevin Sproles in 1999 and provided a platform to over 30,000 merchants, with 185 million orders and over 28 billion dollars in sales, through their online stores.
Magecart Attack
This type of attack is known as a Magecart or web skimming attack, and users who make online transactions are particularly vulnerable to it. In this attack, hackers gain access to a website, directly or through a third party, and then inject malware into its JavaScript source code.
The malware then quietly records the card details on the checkout page and can persist on the website for weeks. As per RiskIQ's report, Magecart malware has been active for nearly ten years, having been discovered in 2010, and has since targeted over 18,000 websites.
However, this is the first time that Magecart attacks have been traced to the Google Cloud infrastructure. Usually, the hackers target outdated e-commerce websites and exploit the vulnerabilities present in them. Sometimes the hackers also target cloud-based websites that provide analytics, widgets and ads.
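Because a web skimmer lives in JavaScript that the checkout page loads, a store owner can detect a changed or unpinned script by auditing the page's script tags against Subresource Integrity (SRI) hashes. The following is an added example, not code from the article or from Volusion; the URLs, script bodies and the auditScripts helper are constructed for illustration, and the regex-based tag scan assumes simple, well-formed script tags.

```javascript
// Added example: audit a checkout page's external scripts against their SRI pins.
const { createHash } = require('node:crypto');

// SRI value for a script body, in the form used by the integrity attribute.
const sri = (body) => 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');

// Constructed sample data: script bodies as reviewed, and as currently served.
const reviewed = {
  'https://store.example/js/cart.js': 'function addToCart(id) { return id; }',
  'https://cdn.example/ui/menu.js': 'function openMenu() { return true; }',
};
const served = {
  ...reviewed,
  // Constructed: the hosted file changed after review (stands in for injected code).
  'https://cdn.example/ui/menu.js': 'function openMenu() { return true; } /* unreviewed addition */',
  'https://widgets.example/chat.js': 'function chat() {}',
};

// Constructed checkout page: two pinned scripts and one third-party script with no pin.
const checkoutHtml = `
<script src="https://store.example/js/cart.js" integrity="${sri(reviewed['https://store.example/js/cart.js'])}" crossorigin="anonymous"></script>
<script src="https://cdn.example/ui/menu.js" integrity="${sri(reviewed['https://cdn.example/ui/menu.js'])}" crossorigin="anonymous"></script>
<script src="https://widgets.example/chat.js"></script>`;

// Return one finding per external script: ok, unpinned, mismatch or unfetched.
// Only sha384 pins are compared; fetchBody is a hypothetical callback returning the served body.
function auditScripts(html, fetchBody) {
  const findings = [];
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs)?.[1];
    if (!src) continue; // inline scripts are out of scope for this check
    const pin = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(attrs)?.[1];
    const body = fetchBody(src);
    let status = 'ok';
    if (body === undefined) status = 'unfetched';
    else if (!pin) status = 'unpinned';
    else if (!pin.split(/\s+/).includes(sri(body))) status = 'mismatch';
    findings.push({ src, status });
  }
  return findings;
}

const report = auditScripts(checkoutHtml, (url) => served[url]);
console.log(report);
```

A browser enforcing the integrity attribute refuses to run the mismatched script, while the unpinned script would run whatever its host serves, which is why it is reported separately.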
Breaches are commonplace in the digital world, and millions of users as well as several organisations, both government and private, have suffered because of them. In August, online marketplace Poshmark was breached, compromising personally identifiable data of an undisclosed number of users. Last month, DoorDash's database was accessed by an unauthorised third party, compromising 4.9 million user accounts.