Payment card skimmers have hit four online merchants with help from Heroku, a cloud provider owned by Salesforce, a researcher has found.
Heroku is a cloud platform designed to make things easier for users to build, maintain, and deliver online services. It turns out that the service also makes things easier for crooks to run skimmers that target third-party sites.
On Wednesday, Jérôme Segura, director of threat intelligence at security provider Malwarebytes, said he found a rash of skimmers hosted on Heroku. The hackers behind the scheme not only used the service to host their skimmer infrastructure and deliver it to targeted sites. They also used Heroku to store stolen credit-card data. Heroku administrators suspended the accounts and removed the skimmers within an hour of being notified, Segura told Ars.