If you run an e-commerce site or are involved in an online retail business, we highly recommend studying the possibility of moving away from the Magento shopping cart system at the soonest possible time. We have reported on how insecure Magento is twice in 2019 now: the first article, dated January 18, 2019, disclosed a critical vulnerability in the software, and the second, dated Mar 31, 2019, involved stolen credit cards due to an old version of Magento still being used in production. Earlier than that, on September 3, 2019, a malware named MagentoCore infected unpatched Magento installs, targeting vulnerable e-commerce sites. Magento has become one of the most talked-about e-commerce software packages here due to its insecure nature; something is really wrong with its development.
This time around, Foregenix scanned around 9 million e-commerce websites, of which 200,000 use vulnerable versions of Magento. The Magento e-shopping system is labeled a high-risk platform, with 60% of the affected servers located in North America alone. Foregenix revealed that, on any given day, around 1.4% of all Magento-powered e-commerce websites are compromised. Information is leaked without the webmasters of these sites being aware of the online transactions and information exchange happening in the background.
“Magento is a market leader for good reason. However, this leadership position also attracts the attention of criminals looking for easy targets, such as websites that have not kept their Magento software up to date or have basic security flaws like leaving their admin page unprotected,” explained Benjamin Hosack, Foregenix’s Chief Commercial Officer.
A non-sophisticated data breach costs around £25,700; that amount is the cheapest average cost for a company in the UK that becomes a victim of a data breach to undergo a reasonable level of rehabilitation. Huge multinational companies are not affected by a “retail” e-commerce solution such as Magento, as their internal web development teams can, and do, choose to develop an internal e-commerce system from scratch instead of dealing with the likes of Magento.
Startups and SMEs are the most affected by bugs in an e-commerce platform, since they lack the funding that large corporations have to develop an e-commerce solution internally. A custom system from a third party is also expensive, hence retail-based packages such as Magento are used instead. They are easy to deploy, and documentation for their usage is guaranteed. However, since Magento is another software stack running on the web server while also being proprietary software, the company needs to trust Magento’s developer wholeheartedly.
“In the vast majority of cyber attacks victims are small local businesses which never thought they’d be a target for criminals and didn’t realise when they were hacked. Their payment data can be leaked to criminals for months on end before they are notified by credit card companies,” added Hosack.
For those who cannot migrate away from Magento anytime soon, it is highly recommended to check the Magento website for an updated version available for download and to apply it as soon as possible.