Magento online stores hacked in largest campaign to date

My business maintains a few ‘legacy’ Magento-based sites that no longer take payments but are needed for historic data. We see multiple attacks every day. This seems to be a significant ramp-up though. Time to check your site for patch status and any nasties…:

More than 2,000 Magento online stores have been hacked over the weekend in what security researchers have described as the “largest campaign ever.”

The attacks were a typical Magecart scheme where hackers breached sites and then planted malicious scripts inside the stores’ source code, code that logged payment card details that shoppers entered inside checkout forms.

“On Friday, 10 stores got infected, then 1,058 on Saturday, 603 on Sunday and 233 today,” said Willem de Groot, founder of Sanguine Security (SanSec), a Dutch cyber-security firm specialized in tracking Magecart attacks.

[…]

Original article here