Check Point Software Technologies released a media alert regarding online shops running eBay's open-source software Magento.
The company discovered a massive vulnerability that allows attackers to execute code remotely.
If exploited, this vulnerability can lead to full compromise of the store running Magento. Attackers can completely bypass the store's security and access the full database and administrative tools.
“The vulnerability we uncovered represents a significant threat not to just one store, but to all of the retail brands that use the Magento platform for their online stores – which represents about 30% of the ecommerce market.” – Shahar Tal, Malware and Vulnerability Research Manager
Prior to disclosing the findings, Check Point notified eBay's development team of the issue. As a result, the company posted a patch on February 9, 2015 (SUPEE-5344). If you are running Magento and have not patched your application, now is the time to do it.
With over 240 000 installs, Magento is the most popular open-source solution for ecommerce stores in the world. With popularity comes a lot of attention, especially from digital threats. Some of the fastest-growing online retailers use Magento as their go-to platform. Names like Alex and Ani, Warby Parker or established companies such as Christian Louboutin or Olympus have been subjected to this threat.
It’s not the first time either. This example from HackerNews shows how attackers advertised compromised shops in order to gather credit card information.
Long story short: if you are running one of the popular open-source ecommerce platforms (think Magento, PrestaShop, osCommerce), be on the lookout for security threats.