Thousands of online stores around the world have been hit by a major cybersecurity attack due to the use of outdated and unprotected ecommerce software.
Nearly 2,000 stores using the Magento e-commerce platform were affected by what security researchers have described as the “largest documented campaign to date”.
The attack was described by researchers at Sansec, who exposed the campaign as a “typical Magecart attack” in which malicious code was injected to intercept the payment information of unsuspecting customers.
Sansec notes that the affected stores are running Magento version 1.
The company discovered 1,904 Magento stores with a unique keylogger (skimmer) on the checkout page, far more than in any other attack it has recorded since it began monitoring the software in 2015.
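As an added defender-side example (not from the article or from Sansec), the check below looks for the footprint of the checkout-page skimmer described above: any script loaded from a host outside the store's allowlist, or any inline script whose hash is not in a clean-deploy baseline. The HTML, hostnames and baseline are constructed for illustration.

```python
"""Flag unexpected scripts on a checkout page, the typical footprint of a
Magecart-style skimmer injection. Sample data is constructed."""
import hashlib
import re
from urllib.parse import urlparse

# Constructed sample: a checkout page carrying one injected external script
# and one injected inline script (hypothetical domains) next to the store's
# legitimate scripts.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="https://shop.example/js/checkout.js"></script>
<script src="https://cdn.example/lib/jquery.min.js"></script>
<script>window.checkoutConfig = {"step": "payment"};</script>
<script src="https://evil-cdn.invalid/skim.js"></script>
<script>document.addEventListener("submit", hook);</script>
</head><body><form id="checkout"></form></body></html>
"""

# Assumed allowlist of hosts the store legitimately serves scripts from.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.example"}


def sha256(text: str) -> str:
    """Hash an inline script body after trimming surrounding whitespace."""
    return hashlib.sha256(text.strip().encode()).hexdigest()


# Assumed baseline: hashes of every inline script present in a clean deploy.
BASELINE_INLINE_HASHES = {sha256('window.checkoutConfig = {"step": "payment"};')}

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r"""src\s*=\s*["']([^"']+)["']""", re.I)


def find_suspicious_scripts(html: str) -> list[dict]:
    """Return external scripts from non-allowlisted hosts and inline scripts
    whose hash is absent from the baseline, in page order."""
    findings = []
    for attrs, body in SCRIPT_RE.findall(html):
        src = SRC_RE.search(attrs)
        if src:
            host = urlparse(src.group(1)).hostname or ""
            if host not in ALLOWED_SCRIPT_HOSTS:
                findings.append({"kind": "external", "value": src.group(1)})
        elif sha256(body) not in BASELINE_INLINE_HASHES:
            findings.append({"kind": "inline", "value": sha256(body)})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_scripts(SAMPLE_CHECKOUT_HTML):
        print(finding)
```

Run against a stored copy of the live checkout page on a schedule; a new finding is the signal to compare the deployed files against the release and to start incident response.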
Sansec added that many of the affected stores had no security incidents in the past, suggesting that a new attack vector was used to gain (write) access to the servers. A Magento 1 zero-day exploit had been found on sale in a hacking forum for $5,000 a few weeks earlier.
The company is working with the businesses affected and has provided law enforcement agencies with a full list of the businesses at risk.
This isn’t the first time Magento software has been recently flagged as a security risk. As early as May 2020, the FBI announced that hackers were taking over online shops and stealing customers’ payment card data by exploiting a three-year-old security hole in a Magento plug-in.
Non-compliance with the Payment Card Industry Data Security Standard (PCI DSS), which online retailers are required to meet, adds to the severity of the situation.
Some payment providers have stated that they will no longer support merchants still using Magento 1 after its end of life (EOL), while others have said that customers will need to move to Magento 2, leaving many retailers confused about how much support they still have.