Card data from the Volusion web skimmer incident surfaces on the dark web

In September-October 2019, hackers planted malware to steal card data from 6,589 online stores.


Card data stolen last year from Volusion-hosted online stores has surfaced on the dark web, Gemini Advisory, a threat intel firm specialized in fraud detection, reported today.

The stolen card data relates to a security breach that ZDNet reported last year, in October 2019.

At the time, hackers breached the servers of Volusion, a Shopify-like platform that provides hosting for online stores.

Hackers breached one of the company's servers and placed malicious JavaScript code that was eventually loaded on some of the company's customer stores.

The malicious code, as analyzed and confirmed by multiple parties, recorded payment card details entered in checkout forms.

Exact number of impacted stores: 6,589

The Volusion hack was discovered on October 8, 2019, but Gemini researchers said today in a report shared with ZDNet that the breach dated back a month earlier, to September 7.

Furthermore, researchers also said they found the malicious code on only 6,589 of Volusion's stores, down from the initially reported figure of 20,000 potentially impacted stores.

However, while the breach was smaller, it wasn't less impactful. Gemini Advisory said today the stolen card data was uploaded a month later, in November 2019, on a dark web hacking forum where it has been up for sale ever since.

Gemini Advisory said it suspects that hackers might have gotten their hands on almost 20 million payment card details during last year's hack, but, for now, it only tracked 239,000 Card Not Present (CNP) records back to Volusion-based stores.

Some of the card details have been sold, Gemini said, estimating that the hackers made nearly $1.6 million in revenue.

In a subsequent report following ZDNet's coverage, Trend Micro attributed the hack to a group known as FIN6, also believed to have been behind other web-skimming (Magecart) incidents, such as British Airways and retail giant Newegg.

A Volusion representative was not immediately available for comment.