Volusion Payment Platform Sites Hit by Attackers
Sesame Street Live Among Sites Hit by Card-Skimming Attacks, Researcher Warns
(Editor's Note: Story updated with response from Volusion.)
A security researcher has uncovered credit card skimming attacks targeting websites that use a cloud-based payment platform from Volusion.
"The most obvious threat actor that is currently famous for card skimming and compromising … e-commerce websites is Magecart, which has the history of using Vultr Holdings data centers (just like Volusion-Cdn[.]com) and using public cloud storage to host their malicious scripts," Afahim says.
Afahim discovered the attack against the check-out site for Sesame Street Live this week, although these incidents could have started as far back as Sept. 12. The payment function for the Sesame Street Live online store remained offline Wednesday.
On Thursday, a spokesperson for Volusion told Information Security Media Group that the attacks had been stopped within a few hours of the company being notified, but that an investigation was still underway.
"A limited portion of customer information was compromised from a subset of our merchants. This included credit card information, but not other associated personally identifying details. We are not aware of any fraudulent activity connected to this matter," the spokesperson says. "Volusion has taken action to help secure accounts, and we are continuing to monitor this matter in order to assure the security of our merchants."
Trend Micro researchers are also looking into these incidents.
@Volusion Hi! We sent you a Direct Message. Looking forward to your reply. — Trend Micro Research (@TrendMicroRSRCH), October 7, 2019
Stealing Credit Card Data
This malicious code is proficient at sweeping up payment card data, including name, card number, expiration date and CVV information, researchers say.
"The compromise is not unique to Sesame Street store, and most likely any e-commerce website hosted on Volusion is probably running malicious code and posting the credit card info of the consumers to the outsider domain," Afahim says.
Magecart on the Rise
Over the past year, RiskIQ has detected Magecart-linked code over 2 million times and over 18,000 domains have been breached as a result.
RiskIQ researchers declined to comment on the attacks targeting Volusion. But Jordan Herman, a threat researcher with the firm, previously told Information Security Media Group that Magecart typically targets small firms in order to access the payment details of customers shopping with much larger companies.