Hackers exploited security vulnerabilities and weak passwords to burrow their way into a number of e-commerce sites, including that of the NRSC (National Republican Senatorial Committee), which advocates for electing Republicans to the U.S. Senate.
Dutch researcher Willem De Groot reported that the NRSC was among more than 5,900 e-commerce sites penetrated by two Russian credit card harvesters who transferred the stolen card data to servers maintained by a shady Russian-language ISP.
Shoppers who purchased a “Never Hillary” sticker or gave money to the NRSC through its website between March 2016 and the first week of this month likely had their card data stolen, and it is probably for sale on underground forums.
De Groot said a number of the hacked sites were operating outdated e-commerce software or content management software. The attackers also used brute-force attacks or tried out various passwords to gain entry.