Cybercriminals hack over 1,000 Magento online stores to steal card data

Wednesday 4 April 2018 10:35 CET | News

At least 1,000 Magento sites have been hacked by cybercriminals and infected with malicious scripts that steal payment card details.

Moreover, the online stores have been running cryptojacking scripts or were used as staging points in the delivery of other malware, according to Bleeping Computer. The sites were being compromised through brute-force attacks using common and known default Magento credentials, the online publication reported, citing Flashpoint researchers.

These types of attacks are simplified when admins fail to change the credentials upon installation of the platform. Meanwhile, attackers can build simple automated scripts loaded with known credentials to facilitate access to the panels. According to the security researchers, the vast majority of these 1,000+ compromised sites belong to the education and healthcare sectors, with the vast majority of them hosted on servers located in Europe and the US.

As criminals have access to cheap brute-forcing botnets that they can use to guess site passwords with relatively little effort, site owners are advised to use unique usernames and passwords that can’t be guessed after a few attempts.

Keywords: Magento, malware, ecommerce, credit card, security, fraud prevention, online stores, cybercrime, malicious scripts
Categories: Fraud & Financial Crime
Countries: World