
Checkout.com snubs hackers after data breach, to donate ransom instead


UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom.

The company says that although the stolen data affects a significant portion of its merchant base, it will not pay a ransom and will instead invest in strengthening its security.

Checkout operates checkout.com and is a global payment processing firm that provides a unified payments API, hosted payment portals, mobile SDK, and plugins to use on existing platforms.

It supports a multitude of payment methods and provides fraud detection, identity verification (KYC), and a dispute system.

Its systems are incorporated into some of the world's largest businesses, including eBay, Uber Eats, adidas, GE Healthcare, IKEA, Klarna, Pinterest, Alibaba, Shein, Sainsbury's, Sony, DocuSign, Samsung, and HelloFresh, handling billions in merchandise revenue.

Checkout says ShinyHunters gained access to a third-party legacy system that had not been properly decommissioned, which held merchant data from 2020 and earlier, including internal operational documents and onboarding materials.

"Last week, Checkout.com was contacted by a criminal group known as 'ShinyHunters', who claimed to have obtained data connected to Checkout.com and demanded a ransom," reads the company's announcement.

"Upon investigation, we determined that this data was obtained by gaining unauthorized access to a legacy third-party cloud file storage system, used in 2020 and prior years."

Checkout estimates that this affects less than 25% of its current merchant base, but the exposure extends to past customers too.

ShinyHunters is an international cybercrime group that exfiltrates data from large organizations, usually breaching them via phishing, OAuth attacks, or social engineering, and then demanding large payments not to publish the data.
