Volusion Breach Results in Massive Credit Card Compromise Operation

  • Volusion has had its infrastructure breached by hackers, and now thousands of websites are in trouble.
  • The actors are dropping a JavaScript card skimmer which exfiltrates credit card details from payment forms.
  • Supply-chain attacks are becoming an increasingly dangerous trend of extreme effectiveness.

Hackers have managed to breach Volusion’s Google Cloud infrastructure, and they are dropping a malicious JavaScript file that steals payment card data from thousands of websites. Volusion is a company that creates e-commerce store and shopping cart software, the products of which are being used by more than 30000 merchants right now. According to the “compromise counter” that shows how many online marketplaces have had the stealer dropped on them, the number is just shy of 6600. This practically means that all of the credit card details that customers are entering on these web stores are getting exfiltrated to the servers that are controlled by the hackers.

Source: ZDNet

Of course, we can’t warn you about all of these websites, but we can give you a list with the most popular ones that are dangerous to buy anything from right now.

  • gtsimulators.com
  • myvaporstore.com
  • ejuiceconnect.com
  • cctvcamerapros.com
  • cctvcamerapros.com
  • skdtac.com
  • longislandwatch.com
  • armsunlimited.com
  • bravocompanyusa.com
  • ansgear.com
  • naturalfertilityshop.com

These websites can be sanitized at any moment, and more can be added at the top positions after a while. At the moment of writing this, these were the top locations that people should avoid buying something from, and especially using their credit card to do it.

We have been reporting about Magecart attacks at an increasing rate in the recent months, and this is representative of what’s going on out there. Last month, card skimming actors targeted hotel booking sites, in August they compromised more than 80 e-commerce shops, and earlier in the month, we presented a report by Malwarebytes which recorded 65000 credit card theft attempts in July alone. This latest incident is another example of a supply-chain attack, compromising a single target to gain access to thousands of websites. This time, the actors have found a way to access a goldmine of data, and that is always the point for them really.

If you want to buy goods or services online, prefer electronic payment methods that don’t involve giving away your credit card details, like PayPal for example. If paying with a credit card is your only option, ask your card issuer for an one-time-use “virtual” card that you can use in order to carry out online purchases safely. There are also locked-down, limited charging, pre-paid cards that can help you in situations like this.

Are you entering your debit and credit card details on e-commerce platforms, or do you prefer to use other payment methods? Let us know in the comments down below, or on our socials, on Facebook and Twitter.


Recent Articles

Amazon Prime Video Finally Gets Support for Multiple Profiles – Already Rolling Out in the USA & Around the World!

Prime Video now supports up to six individual profiles, all of which must be linked to one primary Amazon account. You’re free to...

“BlueLeaks” Portal Took Down and Server Seized by the German Police

“BlueLeaks” server located in Germany and seized by the authorities, so the portal is now down. The massive collection of US police...

Additional Evidence Points to the iPhone 12 Coming Without a Power Adapter & EarPods

A 3D concept rendering has surfaced online, showing the insert that will go into this year’s iPhone’s retail box. Once again, we see...

‘Freddie Mac’ Mortgage Loan Company Announces Data Breach

One of ‘Freddie Mac’s’ service vendors was hit by ransomware, and loan applicant data may have been compromised. The data includes sensitive...

HomePod Will Finally Let You Pick a Default App for Music Playback, Podcasts & Audiobooks

The newest HomePod beta software provides an option to set a default app for music playback, podcasts, and audiobooks. It means that HomePod...