Urgent warning to businesses running online shops on the Magento platform
If you have an eCommerce site or online store, your card data may be at risk due to a vulnerability which has been around for three years. The FBI has reported that attackers are exploiting this vulnerability to plant a malicious script that records and steals customers' card details.
This affects online shops large and small, and we have been helping increasing numbers of businesses after they have fallen foul of this.
The vulnerability is a cross-site scripting flaw in a plugin for the Magento platform used by thousands of eCommerce sites, and it allows hackers to take full control over the targeted sites.
If you have an online store and are using the Magento platform, now is the time to review which version you are running and ideally upgrade to version 2.x.
The vulnerability is within a Magento plugin, so which payment provider you use (Sagepay, PayPal, Stripe, etc.) is almost irrelevant.
The organisations we have assisted post-breach only became aware that their customers' card data had been breached either when customers complained that their card data had been used elsewhere or when their payment acquirer notified them. The fallout from this normally includes a Payment Card Industry Forensic Investigation, followed by an assessment by a Payment Card Industry Qualified Security Assessor and fines from the card brands.
Read more on the FBI warning on ZDNet: "FBI warns about attacks on Magento online stores via old plugin vulnerability"