More Financial Data Lost to Botnets and BlackPOS Clones

Security professionals at Krebs Security have come forward and identified several websites and e-commerce portals that have been hijacked, through a flaw in Adobe’s ColdFusion web platform first discovered last week.

According to a report from the Guardian this Monday, hackers were able to infiltrate the web servers of the French automobile maker Citroen, as well as pages called,, and the site for the peanut butter and jelly distributor Smuckers.


If the selection of servers hit in the attack seem a bit random, that’s because they are. It’s believed that hackers simply scanned the web for any web portals running the outdated, vulnerable version of ColdFusion, and started scraping up any financial data they could from their servers while they had the chance. Brian Krebs believes that the hack at Citroen has been active since sometime in August of 2013, and ran completely undetected for about 6 months before being ousted on his blog last week.

“This breach poses a serious concern to countless businesses and individuals. While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data. Effectively, this breach may have opened a gateway for a new generation of viruses, malware, and exploits.”

One thing’s for certain — if the past few months are any indication of what’s to come, we may need to see a massive overhaul in the way financial data is recorded, stored, and processed from here on out.

Visa and Mastercard have already announced their own plans to release a new type of card that requires an increase in both digital and biometric layers of security, but without any actual solutions in the pipeline for at least the next few years, this era could go down in history as the Wild West for hackers who are on the hunt for your personal financial information and credit card details.