It’s been a scary week for Magento 1 website owners, with one of the largest hacks of recent years taking place.
Last weekend, over 2,000 M1 websites were hacked and it has been estimated that thousands of customers may have had their payment information stolen.
What the f**k happened?!
This is the largest instance of a targeted hacking campaign ever, with hundreds of businesses and customers affected.
The attack has been dubbed ‘CardBleed’. It was a Magecart attack: malicious code was injected into a website, where it would intercept payment information from the website’s checkout process.
It’s terrifying to think that every customer who visits your Magento 1 site could have their payment details stolen! And a large number of websites were affected.
On Friday 11th September, 10 stores were found to be infected, then another 1058 on Saturday, 603 on Sunday, and more were found by Monday 14th September.
All of the websites affected were found to be running on Magento 1, which reached end-of-life support back in June 2019.
Who did it?
There’s been lots of chatter on hacking forums (that’s where the bad guys lurk!) which shows that the code used was ‘sold’ to others by a single source, and that it was a new exploit previously unknown to web developers. No one saw it coming!
According to the forums, the hack made use of the fact that no more patches will be provided for Magento 1 and so the gap is unlikely to be fixed any time soon.
That means nearly 100,000 websites in operation right now still have this vulnerability because they are still running Magento 1.
I have a Magento 1 site – what do I do now?
We are as protective as mama bears when it comes to our clients’ websites, and we feel the same about any website that might be vulnerable to hackers!
The long and short of it is that if you are still running your website on Magento 1, you are vulnerable! There is no patch or update you can implement that will protect your website – the only solution is to upgrade to Magento 2, or switch to a new platform, such as WooCommerce (neither is a quick task).
Here at Laser Red, we’re shocked at how quickly the attacks on M1 sites have come about and so now the pressure is on! We’ve helped lots of Magento 1 websites upgrade to keep their sites secure, but there are so many more out there that need us!
One of our recent upgrades, Tom Lane, is one of those websites that was once on Magento 1, but thankfully the owner, Jayne, knew she needed to move away quickly:
“I decided to move from Magento 1 over to WooCommerce at the end of 2019. I was happy with the design of my current website but decided that this was a transition that I wanted to make sooner rather than later. Using my current design as the core, we made a few small changes along the way that were put forward by the team and I am really happy with our outcome. The core website remains but with the updated features we have created a seamless and modern shopping experience for my customers!”
If you are concerned about the security of your website or think you may have been the victim of the CardBleed hack, get in touch with us today and we can help get you back on track.