Magneto Ecommerce Websites Have Major Vulnerability
Check Point, the cyber security company who discovered and posted a video on its blog. Their engineers setup an ecommerce demonstration that showed how the Magneto flaw could be used to reduce the price of a US$100,000 watch so that shoppers could purchase for much less.
David Cid, the CTO of Sucuri wrote the hackers will first create a fake administrator account in the Magento ecommerce database your website is on. Later, they will come back and execute the attack, crippling your business.
Recommended Next Steps
A patch has been release and you need to immediate update to the lastest version of Magento.Netanel Rubin said “the vulnerability in Magento is composed of several flaws which allow an unauthenticated hacker to run PHP code on a web server. The flaws are within Magento’s core code and affects default installations of Magento’s Community 188.8.131.52 and Enterprise 184.108.40.206 editions.”
Securi’s researchers stated: “always from these two IP addresses from Russia: 220.127.116.11 and 18.104.22.168. If you look for them in your logs, you can see if you have been attacked by the same group.”
This is also the perfect time to check with your SSL companies and ensure that your ecommerce business is protected from hackers.
Check your Google Webmaster Tools account and ensure that your domain is properly setup. Often times you will receive alerts when Google has detected your website has been hacked.