ShinyHunters Extortion: Checkout.com Hacked via Neglected Legacy Cloud Storage
The payment service Checkout.com has faced an extortion attempt: the ShinyHunters group claimed to have obtained data linked to the company and demanded a ransom. The investigation revealed that the attackers had managed to infiltrate an old cloud-based file-storage system the company had used several years ago. This service, operated by a third-party provider, had never been properly decommissioned — an oversight that ultimately opened the door to compromise.
The breach did not affect the active payment platform but rather an archival storage system used prior to 2020. It contained internal documents, onboarding materials for new clients and other organisational files. According to the company’s assessment, the incident affected fewer than a quarter of its current client base. The live payments infrastructure — including card data and merchants’ access to funds — remained untouched, as that environment was completely isolated from the vulnerable system.
Checkout.com stresses that the responsibility lies entirely with the company: the legacy service should have been retired and removed in due time. The company has begun identifying affected clients and is contacting them directly. In parallel, it is cooperating with law-enforcement authorities and regulatory bodies.
Despite the extortionists’ demands, Checkout.com refused to pay and stated that it will not yield to criminal pressure. Instead, the company decided to allocate a sum equivalent to the requested ransom to support research into cybercrime. The funds will be directed to two academic centres — the Carnegie Mellon and Oxford laboratories — which specialise in studying digital criminality and the methods used to combat it.
The company maintains that security and transparency are the foundation of trust in the payments industry. Checkout.com has pledged to correct its mistakes, strengthen its defences and assist clients affected by the incident. Representatives also remind merchants that they may contact their company liaison for any additional support.