A man-in-the-middle attack, which uses skimming to tap customer data and payment information from neglected Magento shops, spoils online purchasing for customers.
Thousands of online shops worldwide have been infected with malicious code that can tap customers’ payment information. Simple updates could have closed the gap long ago. According to the German Federal Office for Security in Information Technology (BSI), online shops that use an outdated version of Magento software are affected.
The injected code and the associated data outflow are apparently not usually detectable by end users. Although the responsible network operators were informed back in September 2016 and security updates were available, many shop owners have still not closed the security gap. As a result, the number of shops in Germany that have fallen victim to this skimming attack, and thus put their customers' credit card data at risk, has risen from a few hundred to over a thousand.
The federal administration’s Computer Emergency Response Team (CERT-Bund) has now informed network operators about the danger once again. The BSI points out that operators of online shops are required by the German Telemedia Act to protect their systems against attacks in line with the state of the art. Above all, this includes the "regular and timely installation" of available security updates. Shop owners with guilty consciences can quickly have their online shops checked for known vulnerabilities at MageReport.com.