Almost 2,000 stores using the Magento eCommerce platform were affected over the weekend.
Security researchers call this the “largest campaign ever” that they have observed since 2015.
According to security experts, it was a typical Magecart scheme, in which hackers inject malicious code that intercepts and logs the payment card details that trusting shoppers enter on the checkout page.
Willem de Groot, founder of Sanguine Security (Sansec), a Dutch cyber-security firm specializing in tracking Magecart attacks, found the following data during the observation:
- 11th September (Friday): 10 stores infected
- 12th September (Saturday): 1058
- 13th September (Sunday): 602
- 14th September (Monday): 233
Most stores were running Magento 1.x (EOL)
Sansec notes that the affected stores were found to be running Magento version 1.x.
On June 30, 2020, Magento version 1 reached its end-of-life (EOL). This version no longer receives security updates or support for fixes.
In November 2019, Adobe (which owns Magento) issued the first alert telling store owners to update to Magento 2.x, as the company had been expecting attacks since then.
Adobe's earlier warning about forthcoming attacks on Magento 1.x stores was later echoed in similar advisories issued by Visa and MasterCard. Several experts in the web security community said that new Magento 1.x vulnerabilities had not been spotted in a while, which was uncharacteristic because the 1.x branch was old and riddled with security holes.
So, the experts were right!
However, de Groot has not yet identified how hackers attacked the Magento 1.x websites that were targeted over the weekend.
The Sansec founder added that ads for a Magento 1.x zero-day vulnerability had been posted last month on underground hacking forums, further confirming that attackers were waiting for the EOL to come around.