Security company Check Point claims it has discovered a serious security flaw in the Magento ecommerce platform. They claim the vulnerability could put shoppers’ credit card details, and other personal and financial details, at risk.
The reported RCE (remote code execution) problem could leave as many as 200k Magento sites open to attack, according to the Check Point press release.
Check Point alerted Magento to the problem in January and a patch (SUPEE-5344) was released on February 9th. If you’re a Magento merchant, then you’re well advised to check out that patch and apply it immediately.
Shahar Tal, Malware and Vulnerability Research Manager at Check Point Software Technologies, says: “As online shopping continues to overpower in-store shopping, ecommerce sites are increasingly targeted by hackers as they have become a gold mine for credit card information. The vulnerability we uncovered represents a significant threat not to just one store, but to all of the retail brands that use the Magento platform for their online stores – which represents about 30% of the ecommerce market.”
One Response
Yep! Happened on a new Magento of ours. The payment page was emailing some gmail addresses.
We moved to Shopify so we could focus on our business and not on running a web server. Magento is near dead in the water and time will tell how long eBay will sustain it.
It had its day in the sun and the company is lucky they got out.