Credit Card Data From Volusion Hack Appears On Dark Web

The experts from the threat intel firm, Gemini Advisory have found that card data stolen last year from Volusion-hosted online stores have surfaced on the dark web.

Volusion is a secretly-held technology company that implements e-commerce software and marketing and web design services for small and average-sized businesses.

Hence, the company has over 250 agents and has assisted more than 180,000 customers since it’s established in 1999.

The Hackers breached Volusion servers and injected ill-disposed JavaScript code, which compelled its way onto customer store websites, where it entered payment card details when they accessed into checkout forms.

However, the hack was detected in October, but researchers say the exact breach occurred a month earlier, in September. The code was discovered in 6,589 stores but was formerly thought to have influenced 20,000 stores. 

Investigators believe that the hackers may have gained access to about 20 million payment card details, but they’ve trailed about 239,000 Card not present back to the source. It’s expected that the hackers got about $1.6 million in data from the stolen card data.

The hack was assumed to be performed by a hacking club called FIN6, who are supposedly involved with other significant violations, similar to British Airways, and Newegg.

Well, Hacks like the Volusion one are growing more and more common, and don’t just change servers as government websites, and banking sites are also frequent targets of them.

The stolen card data has been uploaded around one month later, on a dark web hacking panel, and it’s been for sale since then.

However, while the violation was smaller, it wasn’t less impactful. Thus, Gemini Advisory announced today that the stolen card data was uploaded almost a month later, in November 2019, on a dark web hacking panel where it has been up for sale.

Gemini Advisory also announced that it assumes that hackers may have gotten their hands on almost 20 million payment card details through last year’s hack, but, for now, it solely tracked 239,000 Card Not Present (CNP) records back to Volusion-based repositories.

Not only this, but some of the card details have also been sold, Gemini stated, considering that the hackers made approximately $1.6 million in revenue.

In this year, all four of Greece’s central banks were required to set security protocols after a data breach, and 15,000 user cards have eliminated. 

Basically, the user information was settled on a tourist website, and the Alpha Bank, Eurobank, Piraeus Bank, and the National Bank of Greece were all bound to cancel the cards.

Well, the banks confirmed the hack in a joint statement and said that a short number of users had been wrongly charged.

As the banks are attending an investigation into the matter to understand how it occurred, and that’s assumed to be accomplished this month.

So, what do you think about this? Simply share all your views and thoughts in the comment section below.

You can follow us on LinkedinTwitterFacebook for daily Cyber Security and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.