The purpose of these scripts is to steal customers' credit cards, Bleeping Computer reports. The Magento 2FA extension supports multiple authenticators including but not limited to Google Authenticator, Authy, Duo, and U2F keys. 2FA applies to Magento Admin users only and it is not available for online store customer accounts.
The Adobe Security Operations team suggests that roughly 75% of all web skimming (or Magecart or e-skimming) attacks were caused by the attackers being able to deploy card skimmer scripts on Magento Commerce websites via compromised admin accounts. The 2FA will help Magento admins to have an additional layer of authentication to decrease the attack surface for skimming attacks by preventing threat actors from gaining access to the site through the admin portal using a compromised account.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.