Hackers are collecting payment details, user passwords from thousands of sites. Servers of at least seven companies compromised to deliver malicious code to thousands of sites. Hackers have breached the servers of at least seven online service providers to embed malicious code on thousands of websites, security researchers have told ZDNet. The attack is ongoing, and the malicious scripts are still live, at the time of this article’s publishing. Third-party company: Picreel and Alpaca Forms.