The purpose of these scripts is to steal customers' credit cards, Bleeping Computer reports. The Magento 2FA extension supports multiple authenticators including but not limited to Google Authenticator, Authy, Duo, and U2F keys. 2FA applies to Magento Admin users only and it is not available for online store customer accounts.
The Adobe Security Operations team suggests that roughly 75% of all web skimming (or Magecart or e-skimming) attacks were caused by the attackers being able to deploy card skimmer scripts on Magento Commerce websites via compromised admin accounts. The 2FA will help Magento admins to have an additional layer of authentication to decrease the attack surface for skimming attacks by preventing threat actors from gaining access to the site through the admin portal using a compromised account.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now