Volusion, a popular eCommerce platform choice for online merchants, was recently the victim of a hack, exploiting credit card data. The hackers were able to successfully compromise Volusion’s infrastructure, allowing skimmers to capture shopper’s credit card information. Reports show that over 25% of Volusion’s customer base have been affected, but that number may be as high as 50%.
Check Point security researcher Marcel Afrahim uncovered the breach, and shared via a blog post on Medium: https://blog.usejournal.com/sesame-street-volusion-customers-are-comprised-how-the-cookie-monster-is-stealing-cc-numbers-21eb51ec613b
Marcel discovered that some Volusion stores, Sesame Street’s in particular, contained well-hidden Javascript that read values typed in credit card fields in checkout. This information was then sent out to the attacker’s domain. It was so well-hidden, in fact, that reports of initial compromise are dating back to as early as September 12th.
Volusion has since addressed the exploit. If you are experiencing any issues with your checkout due to the fix, or have any concerns about the safety of your data, MAK Digital Design is here to help!