Did you buy something from the National Republican Senatorial Committee in the past six months? If yes, there’s a good chance that your credit card information is being sold online by Russian hackers right now.
Security researcher Willem de Groot discovered that customer information hackers skimmed customer information from nearly 6,000 sites, including the NRSC site, with the help of a Javascript malware exploit. He estimates online card skimming has increased 69 percent since last year.
The complete list of sites he discovered ran the gamut from niche, hardly-trafficked storefronts like throwingknives.co.uk all the way up to major ergonomic kitchen gadget-maker OXO. And of course, the NRSC, which was infected with card-swiping malware for a full six months.
In fairness, the NRSC patched its compromised store shortly after de Groot published his blog post. However, the more difficult issue is tracking down the hackers who had thusly swiped data from unsuspecting buyers of #NeverHillary stickers or a Make America Great Again wristband. De Groot was able to follow the skimmed data to a Russian site registered in Belize, and he estimates the total black market value of harvested information from GOP donors is roughly $600,000. It’s unclear if the hackers have already sold the data.
The lesson here is no matter what stupid shit you buy online, at some point, your credit card will probably end up on Alphabay.