19:55 16 October 2016
Almost 6,000 online shops are unknowingly harbouring malicious code that hackers are using to steal the credit card details of customers. Dutch developer Willem De Groot scanned for a specific signature of data-stealing code in website software and was able to identify the 5,925 compromised websites. He claimed that some of the stolen data was sent to servers based in Russia.
His research found nine separate types of skimming code on sites, suggesting many different crime groups were involved. The code has become more sophisticated and is more effective in hiding itself making it harder to detect.
After the list of compromised websites was published, some stores had taken action to remove the skimming code to protect their customers. However, Mr De Groot said that not all stores are expected to follow suit.
"New cases could be stopped right away if store owners would upgrade their software regularly," wrote Mr De Groot. "But this is costly and most merchants don't bother."
He added: "I would recommend consumers to only enter their payment details on sites of known payment providers such as Paypal. They have hundreds of people working on security, the average store probably has none."