Hackers compromised infrastructure of Volusion cloud-based e-commerce platform to inject customer checkout pages with malicious JavaScript code that steals payment card data. Check Point security researcher Marcel Afrahim discovered the compromise while shopping on Sesame Street Live Store, a website from Feld Entertainment. Thousands of websites are likely loading the attackers’ script and sending payment information to their server. Some may have been compromised as early as September 12, according to Afrahim. Volusion boasts 30,000 merchants actively using the platform.
Source: https://www.bleepingcomputer.com/news/security/c-is-for-credit-card-magecart-hits-volusion-e-commerce-sites/