Merchant Stories

Magento 1 Dangers: Nearly 2,000 Stores Hacked in Two Days

Sep 16, 2020
1 min read
Magento 1 Dangers Nearly 2,000 Stores Hacked in Two Days

How much time is needed to hack nearly 2,000 Magento 1 stores? Recent events show that hackers need hours for such an extensive hacker attack.

A company specialized in skimming prevention Sansec BV identified the biggest hacker attack on Magento stores. Nearly 2,000 M1 stores were hacked over the weekend. These stores had one thing in common. They were running on Magento 1, which met its end of life in June 2020.

Attackers used a typical theme that allowed them to breach sites and plant malicious scripts inside the course code of the stores. The code had one main goal – it was logging payment card detailed entered at the checkout by unsuspecting customers.

GoMage PWA Theme

Sansec, which actively watches the global eCommerce space, reported that 10 stores were infected on Friday, 1,058 on Saturday, and 603 on Sunday. The company says that it was the biggest attack on eCommerce stores identified by these days.

After the end of life, Magento 1 is now a deprecated eCommerce platform, which doesn’t receive any updates and security features anymore. Attacks on M1 stores were anticipated long ago. Last year, Adobe urged store owners to migrate to Magento 2. Then Visa, Mastercard, and even the FBI voiced their concerns about the security of stores that will continue running on M1 after the Magento 1 sunset date.

Sansec estimates that hackers could get their hands on the private information of tens of thousands of customers of a single store. The real damage is yet to be investigated.

The investigation allows speculating that hackers used a recently uncovered 0day exploit that was put on sale on a hacker site a few weeks ago. The hacker under the name of z3r0day announced that the exploit allowed to get access to the website with no prior access to the Magento admin account. The hacker sold the exploit for only $5,000. The fact that Magento 1 will no longer receive any security fixes to address the exploit and the promise of the hacker to sell only 10 copies of it made the deal even sweeter.

Why Upgrade to Magento 2

Today, the only solution for businesses on Magento 1 is to Migrate to Magento 2. This way, they can secure their businesses from hacker attacks and get access to innovative features.

Magento 2 has a lot of benefits as compared to Magento 1:

  • processing of 154,000 more orders per hour
  • 50% faster loading time
  • 66% faster products adding to the cart
  • full PWA support
  • Ajax cart
  • advanced caching system
  • faster PHP 7 framework
  • powerful Magento extensions
  • support of third-party integrations

That's where you contact us!

    By submitting this form you agree to GoMage's Terms of Use and Privacy Policy
    woo-hoo! Now its time to keep checking your inbox, as we will be getting in touch soon. Promise :)
    oops! Thanks. But it seems like some kind of technical issues stop you from meeting GOMAGE. Could you try again?