Do you sell directly from your company's website?

Do you use X-Cart to do it?

If you answered yes to both of those questions, you may have had some issues with your sales platform.

X-Cart breach resolved

Thankfully, the issues now seem to have been resolved, but according to the software vendor that makes X-Cart, the issue stemmed from a ransomware attack the company recently suffered. It brought down customer stores that were hosted on the company's platform.

While few details are known at this point, the issue seems to have arisen when attackers exploited a vulnerability in some third-party software that allowed them to gain access to X-Cart's store hosting system. Seller Labs is the company that produced X-Cart.

Seller Labs had this to say

"We have identified what we believed to have been the vulnerability but do not wish to disclose the name until it's confirmed by our security firm."

Reading between the lines of this statement, it appears that the investigation into the matter is still ongoing. However, apparently, the attackers encrypted a small number of X-Cart's servers, which was enough to grind the system to a halt. Of interest, the hackers did not demand a ransom, nor provide any way for Seller Labs to communicate with them, so the company restored their servers from recent backups.

Not all stores were impacted evenly. Some went offline completely, while others simply reported issues with sending email alerts. In any case, Seller Labs moved quickly to restore service and the outage lasted only a few days. Unfortunately, a few days is a very long time, and some of X-Cart's customers are not happy, nor are they satisfied with the rather limited information the company has provided to this point. This prompted them to band together and serve Seller Labs with a Class Action lawsuit.

Our perspective

Everything seems to be back to normal at this point, but if your company was impacted, it pays to be aware of the pending lawsuit and consider how you might wish to proceed.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~


By Denis Wilson and Melissa Stockwell

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can find me on LinkedIn, Facebook, and Twitter.

I am also a published author and speaker in cloud computing and cybersecurity, working extensively with business and professional associations to provide small business technology education programs. Contact me if you would like me to speak at your association