Payment processor Checkout.com revealed on Thursday that notorious hacking group ShinyHunters had infiltrated a legacy third-party cloud file storage system, exposing internal documents from years past.
The breach, which the company attributes to its own oversight in decommissioning the outdated platform, affects less than 25% of its current merchant base but spares critical payment infrastructure.
The incident surfaced last week when ShinyHunters, a collective known for high-profile data thefts including breaches at Microsoft, AT&T, and Ticketmaster, contacted Checkout.com demanding a ransom.
The group claimed possession of sensitive data tied to the London-based fintech firm, which processes billions in transactions annually for e-commerce giants worldwide.
Upon investigation, Checkout.com confirmed unauthorized access to a cloud system used before 2020 for internal operational documents and merchant onboarding materials. “This was our mistake, and we take full responsibility,” stated Mariano Albera, the company’s Chief Technology Officer, in an official blog post.
What are the Data Affected
The legacy setup, managed by a third-party provider, was not properly retired, creating a vulnerability that threat actors exploited. Crucially, the hackers never reached the live payment processing platform; no merchant funds, card numbers, or real-time transaction data were compromised.
ShinyHunters, active since at least 2020, has built a reputation for selling stolen data on dark web forums, often targeting financial and tech sectors.
Their tactics typically involve exploiting misconfigurations or weak access controls, aligning with the decommissioning lapse here. Security experts note this as a reminder of “zombie systems” forgotten infrastructure that lingers as easy prey for cybercriminals.
Checkout.com emphasized transparency in its response, vowing not to yield to extortion. “We will not pay this ransom,” Albera declared. Instead, the company plans to donate an equivalent amount to Carnegie Mellon University and the University of Oxford’s Cyber Security Center, funding research to combat cybercrime.
“Security, transparency, and trust are the foundation of our industry,” he added. “We will own our mistakes, protect our merchants, and invest in the fight against the criminal actors who threaten our digital economy.”
The firm is now notifying affected merchants, collaborating with law enforcement, and regulators to mitigate fallout. “We are sorry. We regret that this incident has caused worry for our partners,” Albera wrote, offering direct support through account managers.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
