Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites
Stay secure with the latest e-commerce cybersecurity trends, news, and tips to protect your online business from cyber threats.
Search across headline titles and summaries.
Background for this topic.
E-commerce is the online sale of goods or services through storefronts, marketplaces, mobile apps, and supporting payment and fulfilment systems. Its important assets include customer identities and addresses, payment data or payment tokens, order records, pricing, and account credentials. Availability and transaction integrity matter alongside confidentiality: customers must be able to place orders, and prices, inventory, and delivery details must not be altered improperly.
Security concerns span public websites and APIs, account takeover and payment fraud, vulnerable third-party components, and integrations with payment, logistics, and marketing providers. TLS protects communications, while strong authentication, secure session handling, input validation, patching, and monitoring help protect accounts and transactions. Payment-card environments may fall under PCI DSS; privacy obligations also govern personal data. E-commerce operators need tested controls for detecting fraud, limiting access, preserving audit records, and responding when systems or transaction data are compromised.
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites
The infamous payment-skimmer cybercrime organization is exploiting CVE-2024-20720 in Magento for a novel approach to stealing card data.
Nothing says 'sorry' like 10 percent off shipping for a month Ecommerce platform Pandabuy has apologized after two cybercriminals were spotted hawking personal data belonging to 1.3 million customers.…