Checkout.com Defies Hackers, Chooses to Donate Ransom After Data Breach

Checkout Faces Extortion Attempt by ShinyHunters Threat Group

Recently, Checkout, a UK-based financial technology company, disclosed that it has been targeted by the ShinyHunters threat group, which breached one of its legacy cloud storage systems. The cybercriminals are now demanding a ransom from the company.

Despite the significant impact on a portion of its merchant base, Checkout has taken a strong stance against paying the ransom. Instead, the company has decided to invest in enhancing its security measures to prevent future breaches.

Checkout, operating under the domain checkout.com, is a prominent global payment processing firm known for providing a unified payments API, hosted payment portals, mobile SDKs, and plugins for various platforms.

The company offers support for multiple payment methods and incorporates features like fraud detection, identity verification (KYC), and a dispute resolution system.

Noteworthy clients of Checkout include eBay, Uber Eats, adidas, IKEA, Pinterest, and many more renowned businesses, handling substantial revenue transactions.

The breach occurred through a third-party legacy system that had not been properly decommissioned. This system contained merchant data from 2020 and earlier, along with internal operational documents and onboarding materials.

ShinyHunters, a notorious cybercrime group, gained unauthorized access to this system and demanded a ransom from Checkout. The incident highlights the importance of robust cybersecurity measures in safeguarding sensitive data.

As a response, Checkout has chosen not to yield to the demands of the cybercriminals. Instead, the company plans to donate the ransom amount to esteemed institutions for cybercrime-related research.

Furthermore, Checkout has pledged to fortify its security protocols to ensure enhanced protection for its customers in the future.

The cybercriminal group ShinyHunters is notorious for targeting large organizations through phishing, OAuth attacks, or social engineering tactics. Their recent exploits include the Oracle E-Business Suite zero-day vulnerability and attacks on Salesforce/Drift.

Checkout.com has refrained from disclosing the specific third-party cloud file storage system that was compromised or the exact method of the breach. BleepingComputer reached out to the company for further details.

With the rise of the Model Context Protocol (MCP) as the standard for connecting LLMs to tools and data, security teams are prioritizing measures to secure these new services.

Explore this free cheat sheet outlining 7 best practices for immediate implementation.

Download Now