More than 2,000 Magento stores were hacked over the September 12-13 weekend of according to Sansec, a cybersecurity firm that specializes in fighting back against “Magecart” digital card-skimming hacks.
In this blog, the team at 121eCommerce will take a look at what happened – and how it shows the importance of upgrading from Magento 1 to Magento 2. ASAP.
This latest hack affected more than 2,000 stores running Magento 1, and it has been dubbed “CardBleed,” after the notorious “HeartBleed” SSL security bug. CardBleed operated using a typical “Magecart” scheme.
The code steals the information that customers put into the payment sections of the checkout, “skimming” it and sending it to the hackers, who can then resell payment information on the black market, or use it to make their own illicit purchases.
The CardBleed hack started on Friday, when 10 stores were infected. On Saturday, Sansec detected 1,058 infections, then 603 infections on Sunday and 233 on the following Monday. Tens of thousands of customers may have had their card details exposed due to this attack.
In addition, this is the largest such hack since Sansec began monitoring Magecart attacks in 2015 – the previous record was set in July of 2019, when 962 stores were hacked in a single day.
It’s thought that this hack used a newly-discovered Magento 1 exploit that was put up for sale by a user named “z3r0day” on a hacking forum a few weeks ago. This is because many of the stores that were hacked have no previous security incidents – suggesting this hack used a previously-unknown exploit to gain access to thousands of websites at once.
Every website targeted in this hack was running Magento 1, which reached its End Of Life (EOL) on June 30, 2020. This means there is no longer any official support from Magento or Adobe, its parent company.
It’s no coincidence that hackers waited until after EOL for Magento 1 to deploy this new hack. Before Magento 1 EOL, security experts believed that hackers were sitting on unused exploits, and were looking to deploy them after official support for Magento 1 ended – and they seem to be right.
Given that the exploit is still unknown, there may be even more websites at risk – there are estimated to be more than 111,000 websites running Magento 1.x software. This is down from 240,000 in November 2019, but is still a huge number of storefronts – and each one could be targeted with the same vulnerability. Since Adobe does not support Magento 1, there will be no universal patch or fix – each storefront must be fixed individually.
As we’ve mentioned in a previous blog post, using a deprecated platform like Magento 1 is inherently risky – and this latest hack shows just how risky it really is. In the future, it’s likely that even more exploits will be discovered for Magento 1 – and since it’s reached EOL, there will be no security patches to plug these holes and protect your storefront.
Using a compromised platform like Magento 1 puts your data and the information of your customers at risk – and this latest hack is proof of that. It’s time to upgrade.
If you want more information about Magento 1 EOL and how it can affect your store, take a look at our Magento 1 End of Life Guide. Ready for a Magento 2 migration? Contact 121eCommerce now to learn more about our Magento 2 migration services, and begin planning your project right away.