Magento security flaw puts online shoppers’ data at risk
Magento security flaw puts online shoppers’ data at risk

Criminals are exploiting a vulnerability in about 87,000 Magento e-commerce websites that puts information including customers’ stored credit-card data at risk.

The online shopping websites were susceptible to a chain of weaknesses on the platform Magento, which runs on about one-third of online shops, as of Friday morning, according to the Tel Aviv, Israel-based security company Check Point Software Technologies. Cybercriminals who exploit the security holes could “take complete control of the website with pretty much a single request,” says Shahar Tal, the company’s head of malware and vulnerability research.

“For all the credit cards that are stored in the system, the attackers are going to have access to that,” Tal says.

Through the security flaw, criminals can access databases with customers’ personal information, or inject nasty code into the website so it infects users with malware. Check Point discovered the vulnerability and reported it to eBay EBAY, +0.53% , which owns Magento, in January, Tal says, and made it public this week.

Fast Charge would like all it’s Magento users to know that their Magento needs to be done n their Magento Shopping Cart admin area and not in their Fast Charge Payment Gateway account. If you have any questions please call your Magento support contact.

Shutterstock

Criminals are exploiting a vulnerability in about 87,000 e-commerce websites that puts information including customers’ stored credit-card data at risk.

The online shopping websites were susceptible to a chain of weaknesses on the platform Magento, which runs on about one-third of online shops, as of Friday morning, according to the Tel Aviv, Israel-based security company Check Point Software Technologies. Cybercriminals who exploit the security holes could “take complete control of the website with pretty much a single request,” says Shahar Tal, the company’s head of malware and vulnerability research.

“For all the credit cards that are stored in the system, the attackers are going to have access to that,” Tal says.

Through the security flaw, criminals can access databases with customers’ personal information, or inject nasty code into the website so it infects users with malware. Check Point discovered the vulnerability and reported it to eBay EBAY, +0.53% , which owns Magento, in January, Tal says, and made it public this week.

Magento says it issued an update that fixed the weakness on Feb. 9 and began notifying customers the following day. But Check Point says it has heard that Magento didn’t send alerts to notify all users that they needed to push a security update through until last week. Magento says it is “not aware of any impacted customer data from the vulnerability.

Brands that run online shops on Magento include Nike, Ghirardelli, Sierra Nevada Brewing Company, Rebecca Minkoff, Zumiez and Rosetta Stone, all of which have installed the security update, Magento says.

“Any customer that has not yet implemented the patch is encouraged to visit our customer and partner portals and to do so immediately,” Magento told MarketWatch in a statement. “We are focused on eliminating the vulnerability and are committed to ensuring the Magento platform is safe and secure for commerce.”

Tal says researchers have seen attackers scanning for websites that run on Magento, and then adding additional administrator accounts to those systems so they can log back in later to steal data.

“The vulnerability has been out there for years now,” he says. “The fact that we discovered it right now as part of our vulnerability research efforts does not necessarily mean it just started to be exploited right now.

Online shoppers are generally at the mercy of the websites they’re purchasing from when it comes to security. But there are several security factors customers can bear in mind:

About Magento:

Magento can be easily integrated with your online shopping website to create a dynamic interface that not only sells and compels, but also offers a convenient experience to visitors. Let us see what else makes Magento the most preferred and perfect e-commerce platform.

– Magento comes with many easy-to-use features.
– It enables you to update your shopping website automatically, where this feature is not available in other platforms.
– It makes easy for the visitors to browse and buy any product or service through its simple, quick, and versatile functionality.
– It offers highly interactive and enjoyable shopping experience to consumers.
– Over and above supporting multiple websites, Magento also imparts support to online stores to promote their goods and services on various other domains.
Magento has been designed based on the MVC system; hence, it helps you make your website greatly scalable.
– Magento-based e-commerce websites feature powerful SEO, marketing and management tools so to fulfill particular business needs of the merchants.

Magento is an open-source PHP based e-commerce platform that apart from having robust features, provides extreme flexibility to the business owners to manage the content, appearance, and functionality of their e-commerce store. Furthermore, it offers a flawless administration interface that involves an effective marketing, search engine optimization, and inventory management tools to give sellers an ability to create sites according to their business requirements.

Get Started Free Today!

Sign up or Switch Free Today! All Information Will Remain 100% Confidential!

  • Free Merchant Account Setup
  • FREE Month to Month Contract
  • FREE No Obligation Application
  • FREE Credit Card Terminal Options
  • FREE No Hidden Cancellation Fees
  • FREE Cost Savings Rate Review
  • FREE Mobile Payment Apps
  • Free Termination Fee
  • Free V/MC/Discover/Amex Setup
  • Free Guaranteed Low Rates
  • Free Support
  • Free Unlimited Users
  • Free Brute Force Prevention
  • Free CVV/CVV2 Verification
  • Free Virtual Terminal
  • Free Secure Payment Forms
  • Free Recurring Billing
  • Free Over Limit Fee
  • Free Batch Processing
  • Free Fraud Screening
  • Free Terminal Programming
  • Free Country And IP Blocking


Payment Gateway


Fast Charge is a quick, easy and secure way to process all of your payments. It's real-time and you're always open!

Reasons

Top Features

Industries