Fraud Mar 19, 2020

Card Data Stolen From Volusion Checkout Platform for Sale on the Dark Web

A large volume of confidential customer data stolen last year from online stores and e-commerce platforms that were using Volusion is now circulating widely on various dark web platforms.

These findings come from a report issued by Gemini Advisory, a New York-based anti-fraud consultancy.

Researchers at Gemini identified about 240,000 records connected with the infiltration of online stores that used Volusion as a checkout point. The same report indicates that the sale of this information has generated revenue of approximately $1.6 million.

This figure shows how much darknet traders are making through the sale of this stolen data.

According to analysts, more than 6,500 e-commerce platforms had their checkout points compromised in the course of this incident. Earlier reports from other sources put the number of online e-commerce platforms hacked in the same incident at over 20,000.

All in all, since the first reported case back in October 2019, an average of around 20 million private customer records could have been stolen. Later reports allege that the operation began as early as September.

The alarming discovery was that, over several months, the fraudsters had injected a malicious JavaScript program into the checkout points of these online stores.

According to a statement released by the intelligent product analyst at Gemini, Mr. Christopher J.S. Thomas, the 239,000 records connected with this incident that are available for purchase on the dark web represent a comparatively higher number than in other similar cases.

Mr. Christopher went on to state that, given the many hacked online merchants, more stolen information is likely to surface. This magnitude would undoubtedly classify this as a major breach.

Links to Magecart

According to investigations conducted by Gemini and an associate security firm, Trend Micro, the most likely culprit, with the motive and the ingenuity to carry out the hack, is the notorious group behind the major credit card skimming operation known as Magecart.

In recent times, the skimmers have garnered a reputation for infiltrating the e-commerce platforms of successful companies. Notable victims over the past two years include British Airways, Ticketmaster, and Newegg.

In this particular attack, the hackers placed a malicious JavaScript program, of the kind commonly known as a JavaScript skimmer or sniffer, into code on the cloud storage service storage.googleapis.com.

This allowed Magecart to easily siphon personal information from online checkout sites. According to Gemini, the information taken in the course of this operation includes customer payment data, names, and contact information.

A detailed account from the report suggests that malicious code closely resembling the original was inserted into the Volusion JavaScript library. This mimic code, however, included a payment card skimmer that transferred card details to the hacker group's server.

The server used by the hacker group was 'volusion-cdn[.]com'. The name was chosen deliberately to mimic the original server and avoid detection.
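A defender-side check for the pattern described above, as an added example that is not taken from the Gemini report or from Volusion: it lists the external hosts a checkout page loads scripts from and flags any host that carries the platform's brand name without belonging to an allowlisted domain. The allowlist suffix `volusion.com`, the host `cdn.volusion.com`, the origin `store.example`, and the sample HTML are assumptions constructed for illustration.

```javascript
// Added example: audit which hosts a checkout page loads scripts from.
// ASSUMPTION: the store's legitimate platform scripts come from volusion.com.
const ALLOWED_SUFFIXES = ["volusion.com"];
const BRAND_TOKENS = ["volusion"];

// Domain named in the article, kept defanged in source and refanged at runtime.
const ARTICLE_DOMAIN = "volusion-cdn[.]com".replace("[.]", ".");

// Constructed checkout page; hosts other than ARTICLE_DOMAIN and all paths are placeholders.
const SAMPLE_HTML = `
<script src="/js/cart.js"></script>
<script src="https://cdn.volusion.com/checkout.js"></script>
<script src="//${ARTICLE_DOMAIN}/lib.js"></script>
<script async src='https://storage.googleapis.com/placeholder-bucket/app.js'></script>`;

// Collect the distinct third-party hosts referenced by <script src=...> tags.
function scriptHosts(html, pageOrigin) {
  const pageHost = new URL(pageOrigin).hostname;
  const hosts = new Set();
  const re = /<script\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(re)) {
    let host;
    try { host = new URL(m[1], pageOrigin).hostname.toLowerCase(); }
    catch { continue; }            // unparsable src attribute: skip it
    if (host !== pageHost) hosts.add(host);
  }
  return [...hosts];
}

function classify(host) {
  const allowed = ALLOWED_SUFFIXES.some(s => host === s || host.endsWith("." + s));
  if (allowed) return "allowed";
  // Brand name inside a domain outside the allowlist: likely impersonation.
  if (BRAND_TOKENS.some(t => host.includes(t))) return "lookalike";
  return "unlisted";               // includes shared storage hosts; review the path
}

function auditPage(html, pageOrigin) {
  return scriptHosts(html, pageOrigin).map(host => ({ host, verdict: classify(host) }));
}

console.log(auditPage(SAMPLE_HTML, "https://store.example"));
```

A host-level allowlist cannot tell one bucket from another on a shared service such as storage.googleapis.com, so "unlisted" results on shared hosts need a path-level review or Subresource Integrity pinning.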

Nearly all of the stolen data came from American customers. Some of the online merchants that fell victim to the breach include Marine Sanitation and Supply, Monster Jam Store, and Sunshine Golf. Possibly the strangest discovery is that Sesame Street Live's online store also carried the same malicious JavaScript.

The Rampant Prevalence of Information Theft

With the rise of modern-day cybercrime, cybersecurity firms like Gemini are noting a plethora of stolen personal data surfacing for sale on dark web forums. Just in October last year, Gemini uncovered a collection of about 1.3 million credit and debit cards listed for sale on a dark web platform identified as Joker's Stash.

The details mostly belonged to customers of Indian banks. A later report disclosed that the same dark web forum, Joker's Stash, listed up to around 30 million payment card details from 40 states. This stolen information was connected with the Wawa convenience store security breach that occurred in December 2019.

A security expert from Gemini insisted that the adoption of authentication protocols such as EMV 3D Secure would go a long way toward ensuring that online fraudsters are unable to access funds using the stolen card information.

The situation on the ground, however, is that most online e-commerce platforms do not comply with EMV adoption standards. This gap creates a loophole that fraudsters fully exploit.
