Is There a Magento Vulnerability in Store for You?

Earlier this week a vulnerability was discovered that has potentially compromised nearly 6,000 online stores. It’s thought to affect the popular platform Magento and, if this news is giving you more stress than anyone should experience on a Friday afternoon, there are steps that you must take to ensure you’re protected; and, even if you’re not a Magento user or an online store, there are some good security practices you can take away from this.

Magento vulnerability

Yesterday the news made the headlines that nearly 6,000 online stores had been hit by hackers and are unaware that they’re now home to malicious code that’s stealing their customers’ details. Initial investigations by Dutch developer Willem De Groot suggest that it’s likely an issue with a piece of malware called MageCart that affects (you might have guessed from the name) popular eCommerce platform Magento.

The good news is that the vulnerability is JavaScript-based, which means a store would already need to be compromised to be affected. The bad news is that a lot of businesses won’t know that they’re compromised, and attacks are on the rise. De Groot only found the vulnerability because he had been looking for vulnerabilities after his own details were stolen – it really can happen to anyone, which is why it’s so important to stay alert.

The way the attack works is that once attackers have gained access to compromised accounts they then inject a bit of code that allows them to lurk in a system undetected, copying credit card and other payment info. The stolen data is then peddled on dark web markets at a rate of about £25 per card, which is a pretty good deal considering the damage it could do to a site’s customers and reputation.

So, how can you protect yourself?

You can check to see if your site is affected on websites like https://www.magereport.com/, and to be on the safe side make sure you’re updated and – if needs be – patched, which you can do at the official Magento site – https://magento.com/security/patches/supee-8788.

If you’re a UKFast client and are at all concerned give your account manager a call.

Ensuring you’re applying updates – which often contain patches for the latest vulnerabilities – is key to keeping your details, and your customers’ details, safe.

“New cases could be stopped right away if store owners would upgrade their software regularly,” wrote Mr De Groot. “But this is costly and most merchants don’t bother.

“I would recommend consumers to only enter their payment details on sites of known payment providers such as Paypal,” he told the BBC. “They have hundreds of people working on security, the average store probably has none.”

Our Magento experts said: “We take security very seriously at UKFast, especially with eCommerce. We are delighted Magento now supports PHP 5.6 with the new patch, as well as delivering over 120 improvements. We advise clients to apply the patch as soon as possible and then upgrade to PHP 5.6.”

Magento’s a pretty hot topic at the moment with the release of Magento 2 (M2), which means that it’s a pretty hot topic for attackers too. However, it’s important to avoid the classic head in the sand ‘it’ll never happen to me’ mentality. Attacks are growing by the day and attack methods are evolving at a fair clip, so ensure you’re employing good security practices and that what you’re selling is your stock and not a world of pain.

For more expert Magento insights we have a dedicated Magento support pod – to find out more give us a call on 0800 093 3902.
