The card details stolen from Volusion-hosted online stores last year have surfaced on the dark web. It was discovered by the researchers at threat intel firm Gemini Advisory.
Volusion is a privately-held technology company that provides e-commerce software and marketing and web design services for small and medium-sized businesses. The company which was established in 199 has more than 250 employees and have served around 180,000 customers.
It was in October 2019, that the hackers have compromised the infrastructure of Volusion and distributed malicious software skimmers to steal financial data provided by users. During that time, it was reported that more than 6,500 stores have been hacked and thousands of e-commerce platforms have been compromised.
According to the report published by the Gemini Advisory, the analysts have found 239,000 compromised Card Not Present (CNP) records put up for sale in the dark web since November 2019. This has impacted hundreds of different merchants with websites linking to the 6,589 online stores compromised by the Volusion breach.
It is estimated that the hackers have managed to generate $1.6 million in revenue from these stolen payment cards, and the breach has exposed up to 20 million records.
The discovery was made by Check Point security researcher Marcel Afrahim and has shared his findings in a blog post.
According to Gemini Advisory, 98,97% of the 239,000 records already sold on the dark web were related to cards issued in the US.