Hackers have done it again, making off with the credit card data belonging to “tens of thousands of online shoppers“, after an online cloud provider called Volusion fell victim to a data breach.
According to tech blog ZDNet, who first posted about this issue on 8th October, the malicious attack has already been confirmed by numerous cyber security companies. Volusion provide cloud infrastructure for over 30,000 online retailers, meaning that this attack is very widespread. The full list of online retailers affected is too long to share in a single post, but includes a vast number of small, independent stores.
Cyber criminals were able to inject malicious code into the servers that host Volusion’s infrastructure, which in turn meant that credit card numbers entered into websites hosted on those servers could be siphoned off. This code was built specifically to record and transmit any card information input into online forms.
ZDNet confirmed that the hack was called a ‘Magecart attack’, which we understand is the method used by hackers to siphon off card data from online websites; it’s a popular technique in the cyber criminal world. Some sources say that such attacks have been on the increase, with over 18,000 online retailers being hit in the past few months alone.
And it’s not just limited to smaller retailers with less stringent security; just last year, a huge Magecart attack hit British Airways, leading to around 400,000 customers’ card data being compromised.
The problem for retailers who host their infrastructure with such cloud companies is that they often don’t have direct control over the source code that underpins their websites. This means that hackers can potentially gain access to a server and lie in wait for long periods of time.
“Skimming code can exist on a breached website for weeks, months, or even indefinitely, victimizing any visitor that makes purchases on that site (…)”RiskIQ, who confirmed the increase in Magecart attacks
Unfortunately, there is no way of telling whose cards have been affected by the hack, but you can find a full list of retailers that were affected here. If you’ve recently used one of the affected stores, then it’s worth keeping an eye on your credit card statements just to be sure nothing dodgy appears – or even request a new card if you’re sure that you’ve made a transaction on one of these websites.
While you can’t avoid attacks that bypass traditional computer software like this, you can protect yourself online to some extent by using anti-virus and malware programs. If you’d like more information about these, you can get in touch with WiseGuys on 0808 123 2820.