Skip to main content
close search
site logo
Dive Brief

Researcher: Thousands of shopping sites hacked, card data skimmed

Published Oct. 13, 2016
By
Contributor

Dive Brief:

  • Dutch security researcher Willem De Groot said that almost 6,000 online shopping sites have been hacked since he began tracking them last year, with hackers leveraging malicious software to gain access customer payment details.
  • In a blog post, De Groot — co-founder and head of security at Dutch ecommerce site byte.nl — said that multiple culprits likely were able to skim credit cards used at online stores run by retailers, consumer brands, automakers, government entities and other parties, and that the number of shops where malicious code was found grew from about 3,500 in November 2015 to 5,900 in September 2016.
  • DeGroot, who started his analysis after his own card data was stolen, suggested that buyers from online stores only enter their card details through payment providers like PayPal, which he said would have dedicated security teams, while individual stores may not have anyone on their own IT team watching for hacks or bad code.

Dive Insight:

At a time when we are seeing so many new e-commerce technology innovations, from chatbot applications to voice-driven shopping and everything in between, the biggest e-commerce story of 2016 could very well be the rampant growth of e-commerce security attacks and threats.

Retail store payment terminal hacks, like the one just reported by retailer Vera Bradley, may still be getting more attention, but in some cases card data stolen in these types of incidents can lead to "card not present" fraud incidents at online shopping sites. In other cases, criminals may be setting out from the start to target online sites because EMV chip cards and terminals are making it harder to compromise in-store payments.

DeGroot's analysis uncovered some big-name brands, though it is unclear if the sites hacked belonged to any major retailers. Some of the companies mentioned are companies from other sectors that have an online store, though they may not keep an eye on the back door as well as some of the biggest retailers. It's also likely that many of them are smaller stores that likely would not have the security knowledge or team workforce talent to monitor and stop these episodes. DeGroot also notes in his blog post that some operators of online stores have made the foolish mistake of not upgrading security software on a regular basis.

Perhaps one of the most ominous things to learn from DeGroot's analysis is that multiple parties appear to be responsible for these thousands of hacks, and that at least a few different kinds of malicious software were used. E-commerce players are facing a big threat, growing larger and more varied as we speak. It's time to start playing tougher defense.

Recommended Reading

Filed Under: Technology, DTC

Editors' picks

Company Announcements

View all | Post a press release
Why In-Store Analytics will be the Game-Changer
From eyefactive.com
November 04, 2024
O2 Commerce and ZaneRay Unite to Redefine E-Commerce Innovation Across North America
From Actual Agency
November 04, 2024
Meet the Sidework Dispenser: Crafting Billions of Complex Drinks in Seconds, Now at Gregorys C…
From PR for Sidework
October 16, 2024
MINISO Brings Toronto a New IP Collection Store Filled with Magical Surprises
From MINISO
October 24, 2024
Editors' picks
Latest in Technology
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell