IMPORTANT: A Magento Exploit That Allows Hackers to Skim Credit Card Data During Checkout

I think some of you have come across these articles:

They talk about a Magento exploit that allows hackers to skim credit card data during checkout. Although the articles were published 2 months ago, it’s surprising that there are still a lot of websites using Magento affected by this exploit. I and my friend scanned a number of websites and we were actually able to change their core files which allowed us to skim credit card data during the checkout process. The skimmed data was then logged to a fake image file (actually a text file) located in the media folder, then we were able to download these text files from a remote server. We were able to get thousands of Credit Card numbers a day from this exploit and others can also do the same.

Some of you may not be aware that your sites may contain improper sourcing & installation of hacked third-party extensions. Therefore, I am writing this thread to ask you to do the following ASAP:

  1. Quarantine the files affected

  2. Change your admin passwords in Magento

  3. Alert your credit card processing company of the breach

  4. Inform your hosting provider of the breach so other sites will not be affected

  5. Upgrade to Magento Enterprise or switch to another platform

I hope this thread is helpful for you. You can go through the two articles above for more information. Remember to inform your hosting provider of the breach.

Thank you.

For the record: this is not a Magento exploit or Magento vulnerability. It’s only a security risk if your admin password is breached or you install a malicious extension. Obviously in either case, security can be compromised but this is not a flaw in Magento’s architecture. It’s bad behavior on the administrator’s part for not maintaining their password securely or performing a code review of any extension installed.

Nexcess is one of the best places to host Magento by the way, as proven by that article and the steps they took to scan all clients using their infrastructure.