Hopefully, after the ransom was paid and the hackers helped the sites come back up, there was a thorough analysis of all the code to be sure the hackers didn't leave any back doors, or redirect links.
I had won an auction with VSA and there was no way I was going to pay through their website - I went down and paid in person. Had they been too far away, I would've mailed a check. Even opening an invoice in .pdf format would make me nervous.
I think it is false security to assume that payment info is safe because it isn't collected or stored by the various AH. IF the hackers left spyware on the servers - and I'm not saying they did, but since they had control of the servers for several days (including that weekend they supposedly weren't working,) unless and until a full forensic analysis is performed and results made public, we don't really know what's going on.
|