While the incident raised immediate concerns across the fintech sector, the company’s swift response and transparent communication have provided some reassurance to its merchant partners and customers.
The breach occurred when ShinyHunters exploited a legacy cloud storage system that had been abandoned since 2020.
Rather than being properly decommissioned, this outdated infrastructure remained accessible to attackers, containing sensitive internal records and merchant onboarding information.
According to Checkout.com’s investigation, approximately 25% of the company’s current merchant base could be affected by the data exposure.
The cybercriminals contacted the company last week with a ransom demand, effectively forcing the company to conduct a thorough security investigation.
However, the good news is that Checkout.com’s active payment processing environment remained secure throughout the incident.
No payment card numbers, merchant bank funds, or live transaction data were compromised, significantly limiting the potential damage.
Mariano Albera, Chief Technology Officer at Checkout.com, took full responsibility for the company’s failure to shut down the legacy system properly.
This candid acknowledgment of the security lapse demonstrates the company’s commitment to transparency, a critical element in maintaining merchant trust during times of crisis.
Albera emphasized that Checkout.com is actively notifying all potentially affected parties and cooperating fully with law enforcement and regulatory authorities.
Rather than capitulating to ShinyHunters’ extortion demands, Checkout.com has taken a principled stance by firmly refusing to pay the ransom.
More impressively, the company has committed to donating the equivalent amount to cybersecurity research initiatives at prestigious institutions.
Carnegie Mellon University and Oxford University’s Cyber Security Center will receive these donations, furthering the fight against cybercrime on a broader scale.
This incident underscores a critical lesson for the entire fintech industry: legacy systems represent a significant security vulnerability if not properly decommissioned. C
heckout.com’s experience serves as a cautionary tale about the importance of comprehensive infrastructure management and the dangers of leaving outdated systems running unnecessarily.
The company has pledged to strengthen its security posture, support affected merchants, and maintain open communication channels for any concerns.
By refusing to reward cybercriminals and instead investing in security research, Checkout.com is positioning itself as an industry leader committed to systemic security improvements rather than enabling future attacks through ransom payments.
For merchants concerned about the breach, Checkout.com’s support lines remain open to address specific questions and provide assistance where needed.
Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates
The post Checkout.com Breach: ShinyHunters Hack Cloud Storage, Ransom Demand Rejected appeared first on Cyber Security News.
Sony and Marvel have today revealed just a little bit more of Spider-Man: Brand New…
Introducing Rock, Paper, Severed – a dark new horror game for 1-4 players that takes…
Threat actors are constantly hunting for infrastructure weaknesses, and a newly discovered batch of vulnerabilities…
Hackers are once again turning familiar tools against the very users who trust them. A…
A critical vulnerability in Palo Alto Networks PAN-OS is putting enterprise firewalls at risk, allowing…
The city of Charlotte, North Carolina, holds a ribbon cutting ceremony for a housing development…
This website uses cookies.