December 8, 2024 BY
IN Technical Issues

On 8th of Dec we had a Carding Attack on our online store. This caused us to take down our store until we were able to stop the attack and put in counter measures.

No customer information or any other PII (Personal Identifiable Information) was breached.

Attack Details

  • Attack date and time: 8th Dec 2024 from 2:43am to 2:55am.
  • Store downtime: 8th Dec 2024 from 2:55am to 3:35pm (approx 12 hours)

What is a Carding Attack?

A Carding Attack is when hackers use stolen credit card details to test them out on online web stores in an attempt to see a success. If they are successful then they can use those credit cards else where.

This is a sophisticated and targeted attack on a webstore.

How was TDM able to stop the attack?

At about 2am our engineers were woken up by Alerts, where we saw a surge in traffic on our website. This traffic originated from around the world so our firewall wasn’t able to pick it up.

We quickly observed that the behaviour was not ‘normal‘ and put the store in maintenance mode. We started to see Payment Anomalies from Stripe that wasn’t the usual pattern.

We noticed that Stripe (our payment processor) was able to use Radar to fend of the attack. See below message from Stripe.

The usual objective of this kind of attack is to use as many credit cards to get a success. If they would have been able to succeed then we would also have had a financial loss by a surge in fees to our payment platform. In addition, all the payments would have to be reverted as they would have been fraudulent transactions – so basically the hassle of managing these.

In the span of 12 mins we had 73 fake orders come in – so obviously they were using a script. From our investigation they were using a python script to generate this traffic.

This attack caused our store to be offline for around 12 hours.

What else is TDM doing?

We are reviewing our security protocols and firewalls and stepping up additional measures to counter these attacks in the future.

Rest assured you and your personal information is in safe hands.

Thank you
The Dental Market Team