Redazione RHC : 16 November 2025 12:15
Payment service Checkout.com was the victim of an extortion attempt: the ShinyHunters group claimed to have accessed company data and demanded a ransom.
An investigation revealed that the attackers had infiltrated an old cloud storage system used by the company for several years. This service, owned by a third-party provider, had not been properly deactivated, which paved the way for the compromise.
The breach did not involve a functioning payment platform, but rather an archive used before 2020. It contained internal documents, new customer onboarding materials, and other organizational files.
The company estimates that the incident affected less than a quarter of its active customer base. However, the actual payment infrastructure, including card credentials and access to merchant funds, was unaffected: this segment was not connected to the vulnerable system at all.
Checkout.com emphasizes its full responsibility: the outdated service should have been deactivated and removed promptly. The company has already begun identifying affected customers and is contacting them directly. It is also cooperating with law enforcement and regulatory bodies.
Despite the extortionists’ demands, Checkout.com refused to pay and stated that it had no intention of making concessions to the criminals.
The company has instead decided to donate the ransom money to support cybercrime research . The funds will be donated to two university centers, Carnegie Mellon and Oxford, that study cybercrime and its prevention methods.
The company states that security and transparency are the foundation of trust in the payments industry. Checkout.com is committed to correcting its errors, strengthening security, and assisting customers affected by the incident. Service representatives remind merchants that they can contact their company representatives for further assistance.
Redazione
