E-commerce site using Magento
Around 2000 e-commerce stores running Magento were targeted in August, compromising the information of thousands of customers. All of these stores were running an older version of Adobe’s Magento software, for which Adobe ended support as of June 30. Magento is an open-source e-commerce platform written in PHP, which was acquired by Adobe in 2018. According to Sansec research, about 95,000 e-commerce sites still rely on the older version.
2020 has seen by far the largest-scale attacks on e-commerce sites since 2015. For one store alone, tens of thousands of customers had their payment information compromised.
On a hacking forum, the user z3r0day offered a Magento 1 “remote code execution” exploit procedure for sale for $5000, with a tutorial clip. Supposedly, no current Magento admin account is required. The user added, “Magento 1 is end-of-life – no patches will be provided by Adobe to fix this bug.” The lack of patches widens the attack surface.
Adobe has urged customers to upgrade to the newer platform, Magento 2, and has added that it will issue no further patches for Magento 1.