News - Almost 2,000 Magento stores hacked in one weekend

September 14th, 2020. Dutch cyber-security services firm Sanguine Security ("Sansec"), based in Utrecht, reported that almost 2,000 Magento ecommerce stores were hacked over the weekend between Friday Sep 11th and Monday Sep 14th. The stores were running the now end-of-life version 1 of Magento. The company estimates that over 95,000 ecommerce stores are still running Magento version 1 and are therefore at risk from this latest exploit.

In November 2019 Adobe, the company behind Magento, a member of our ecommerce platform shortlist, encouraged site owners to migrate from Magento v1 to v2. It is estimated that the 240,000 v1.x stores running at that date are now down to 95,000, but this still represents a large number of vulnerable ecommerce sites that are prone to leaking consumer data, with no patch expected from Adobe.

Adobe is clearly spooked by the possibility that a large number of its websites might be prone to hacking. It announced on September 8th, 2020 that it is incorporating technology from Sansec into its Magento admin panel for users of the latest versions of the software. It claims this includes the ability to detect and report on 9,000 signatures of malware. The new feature will be free to use for both Magento Commerce and Magento Open Source. More information on the new capability, being called Magento Security Scan, is available here.

This article was updated on March 2, 2021

M Ryan

M Ryan is an ecommerce consultant with twenty years' experience working with retailers, consumer brand manufacturers and other consumer-facing businesses, helping them to develop their ecommerce strategy, implement ecommerce technology and improve their ecommerce operations. He works extensively throughout the US and Europe, with clients including global brands, large retailers and household names in consumer goods.