This week's news has taken the eCommerce world by storm: a report has been published stating that nearly 6,000 online stores have been compromised and outfitted with credit card skimming operations. Unbeknownst to most of the store owners, these hacks have been going undetected for months. The report states that at least 159 of the store owners are on the Magento Enterprise platform.
An Uphill Battle
The study found that over ten types of malware were utilized, and over 170 new stores were infected every 48 hours. The creator of the report attempted to contact some of the store owners, but had little luck or received dismissive responses.
Newer versions of this malware are increasingly sophisticated. The malware is now able to check for popular payment plug-ins. Typically this type of malware will pull the information desired and send it directly to an email address or dump it into a file for the hacker to access. Recently, however, there has been an upswing in sophisticated code that dumps stolen credit card information into image files that appear entirely normal and harmless. The hacker can then easily access that image file.
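A store owner can check for the image-file technique described above with a scan like the following. It is an added example, not code from the report or from this page, and it flags image-named files that lack an image signature, do not end at the format's closing marker, or contain a card-length number that passes the Luhn checksum. It assumes the stolen data is written as readable digits; an encoded or encrypted dump would only trip the structural checks, and the function names and finding labels are illustrative.

```python
import re
from pathlib import Path

# Leading signature and closing marker for common web image formats.
FORMATS = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "gif": (b"GIF8", b"\x3b"),
}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")  # card-number-length digit runs

def luhn_ok(digits: bytes) -> bool:
    """Return True if an ASCII digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def inspect_image(data: bytes) -> list[str]:
    """Return findings for one file's bytes; an empty list means nothing odd."""
    findings = []
    fmt = next((n for n, (sig, _) in FORMATS.items() if data.startswith(sig)), None)
    if fmt is None:
        findings.append("no-image-signature")
    elif not data.rstrip(b"\x00\r\n ").endswith(FORMATS[fmt][1]):
        findings.append("trailing-or-missing-end-marker")
    if any(luhn_ok(m.group()) for m in PAN_RE.finditer(data)):
        findings.append("luhn-valid-number")
    return findings

def scan_tree(root: str) -> dict[str, list[str]]:
    """Inspect every image-named file under root; return only flagged paths."""
    hits = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in IMAGE_EXTS:
            found = inspect_image(p.read_bytes())
            if found:
                hits[str(p)] = found
    return hits

# Constructed samples: a skeletal PNG, and the same bytes with a standard
# non-live test card number (4111111111111111) appended after the end marker.
CLEAN = FORMATS["png"][0] + b"\x00\x00\x00\x00" + FORMATS["png"][1]
TAINTED = CLEAN + b"\n4111111111111111|12/19|123\n"
```

Treat hits as leads for manual review: some legitimate images carry trailing padding or metadata, so compare flagged files against a known-good backup before acting.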
Protecting Your Website
There are some precautions you can take to keep your website safe from this type of malware.
- Keep your Magento platform up to date with all the latest patches. Many hacks are performed on sites with outdated security features that are not up to date on the newest patches.
- Utilize long, complex passwords – this will make them harder to guess or brute force.
- Make sure your store follows all PCI compliance guidelines – this is not just a suggestion, but also a requirement for all online stores.
- Be sure to keep multiple backups of your store, in various places – this will allow you to restore your website to an earlier version if there is irreversible damage on your live site.
If You’ve Been Hacked
If you think your website has been hacked, a great place to start is with our code audit report. This is a free tool that you can run yourself on your website, or you can contact us and we can run the diagnostic scan for you and help you identify the next best steps for your business. Call 303.473.4400 or visit here to have a real person contact you now.