Thousands of sites using this popular ecommerce platform hit by hack

Thousands of online stores around the world have been hit by a major cybersecurity attack due to using outdated and unprotected ecommerce software.

Almost 2,000 stores using the Magento ecommerce platform were affected in what security researchers described as the "largest documented campaign to date".

The attack was described by researchers at Sansec, which uncovered the campaign, as "a typical Magecart attack" where injected malicious code looked to intercept the payment information of unsuspecting customers.

Sansec notes that the affected stores were found to be running Magento version 1, which was announced as reaching its end-of-life in June 2020, but is still used by around 95,000 stores worldwide.

The company detected 1904 distinct Magento stores with a unique keylogger (skimmer) on the checkout page, far larger than any other recorded attack since 2015, when it first began monitoring the software.

Sansec added that many of the affected stores had no prior history of security incidents, suggesting that a new attack method had been used to gain server (write) access. It noted that a Magento 1 0day (exploit) had been put up for sale on a hacking forum for $5000 a few weeks ago.

The company is working with the affected stores, and has made a complete list of compromised stores available to law enforcement agencies.

This is not the first time that Magento software has been flagged as a security risk recently. Back in May 2020, the FBI flagged that hackers were taking over online stores and stealing customers' payment card data by exploiting a three-year-old vulnerability in a Magento plugin.

Adding to the seriousness of the situation is the lack of compliance with the Payment Card Industry Data Security Standard (PCI DSS), which online traders need to be in line with.

Some payment providers have said they will no longer support merchants still on Magento 1 past EOL. Others, however, have stated customers need to switch to Magento 2, meaning many retailers are still confused about the level of support they have.

Via ZDNet

Mike Moore
Deputy Editor, TechRadar Pro
