We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider “Volusion,” one of the top e-commerce platforms in the market. This is actually the third time we have identified a card skimmer injected into the cloud platform of an e-commerce provider. Two other businesses were already victimized this year: a campus e-commerce platform and a hotel e-commerce platform. These targets are obviously appealing to cybercriminals since they are connected to multiple — in this most recent case, thousands of — online shops.