Volusion Data Breach – Comments

It has been reported that hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code that records and steals payment card details entered by users in online forms. More than 6,500 stores are impacted, but the number could be even higher. In a press release published last month, Volusion claimed it had more than 20,000 customers. The most notable compromise is the Sesame Street Live online store, which was taken down earlier today after another journalist reached out. At the time of writing, the malicious code is still on Volusion’s servers and is still being delivered to all of the company’s client stores.

Deepak Patel, Security Evangelist, PerimeterX
October 11, 2019
Magecart attacks compromise third-party vendor code to cast a wider net and harvest personally identifiable information (PII) from unsuspecting users. While Magento is the most targeted platform, we are now seeing Magecart attacks on platforms like Volusion. Website owners are highly dependent on e-commerce platforms like Magento and Volusion, but this can make their websites vulnerable to client- ....
Ilia Kolochenko, Founder and CEO, ImmuniWeb
October 10, 2019
Properly implemented continuous security monitoring could have prevented this incident.
One more sharp reminder about the immense security risks related to third-parties and cloud. Properly implemented continuous security monitoring could have prevented this incident, however, until the formal investigation is over it would be premature to make any conclusions. One thing is clear, Volusion, breached stores, their customers and banks that issued the compromised cards, are doomed for e ....
Sam Curry, Chief Security Officer, Cybereason
October 10, 2019
The Volusion card skimming breach is yet another wake up call to the industry.
The Volusion card skimming breach is yet another wake up call to the industry and all cloud service providers to keep increasing cost to break, invest in making breach extent as contained as possible and for God's sake keep Bert and Ernie safe! The best measure of practical security is cost to break, and the equation is simple: value of target divided by cost to break. If moving to the cloud mad ....
Leigh Anne Galloway, Cybersecurity Resilience Lead, Positive Technologies
October 10, 2019
However, it has to be remembered that more websites than you think now contain an e-commerce function.
While a website might appear to wholly belong to one brand to the consumer, in reality most websites include multiple plugins from different suppliers. This breach demonstrates the potential damage that can be done if just one trusted third party provider is compromised. In this case, Volusion has 20,000 customers, so 20,000 websites could potentially be compromised. E-commerce sites are at parti ....
Richard Walter, CTO, Censornet
October 10, 2019
It’s not a new type of attack, we saw the same techniques used against British Airways and Ticketmaster last year.
This is another case of a Magecart attack against a third party provider used by thousands of sites, rather than a specific store. In this case, hackers gained access to Volusion’s Google Cloud architecture and modified a JavaScript file to include malicious code. In doing so, attackers may have gained access to all of the highly sensitive card data that Volusion has access to. It’s not a ....
