
A Magento Exploit That Allows Hackers to Skim Credit Card Data During Checkout

Discussion in 'Web Hosting' started by jackjack91, Sep 24, 2014.

  1. jackjack91

    I think some of you have come across these articles:

    blog.nexcess.net/2014/07/25/recent-exploit-using-fake-magento-extensions/

    thewhir.com/web-hosting-news/nexcess-uncovers-magento-exploit-allows-hackers-skim-credit-card-data-checkout

    They talk about a Magento exploit that allows hackers to skim credit card data during checkout. Although the articles were published 2 months ago, it's surprising that there are still a lot of websites using Magento affected by this exploit. My friend and I scanned a number of websites and we were actually able to change their core files, which allowed us to skim credit card data during the checkout process. The skimmed data was then logged to a fake image file (actually a text file) located in the media folder, then we were able to download these text files from a remote server. We were able to get thousands of credit card numbers a day from this exploit and others can also do the same.

    Some of you may not be aware that your sites may contain improper sourcing & installation of hacked third-party extensions. Therefore, I am writing this thread to ask you to do the following ASAP (especially those who use Magento Go and ProStores):

    1. Quarantine the files affected
    2. Change your admin passwords in Magento
    3. Alert your credit card processing company of the breach
    4. Inform your hosting provider of the breach so other sites will not be affected
    5. Upgrade to Magento Enterprise or switch to another platform

    I hope this thread is helpful for you. You can go through the two articles above for more information. Remember to inform your hosting provider of the breach.

    Thank you.