Sunday, March 5, 2017

Customer data in danger: Serious security gaps in over 1,000 American online shops

Many online stores in the United States are affected by a serious security hole.


Operators of online shops that rely on outdated versions of the shop software Magento should have closed a serious security gap, which can put customer data at risk, since September 2017 at the latest. At that time a vendor of security tools pointed it out: several hundred shops were affected in the United States alone, and over 6,000 websites worldwide. In the meantime the number has risen to at least 1,000 stores, according to a current statement from the BSI (Federal Office for Information Security). Operators reportedly did not respond, or their shops were infected again.


Cybercriminals have exploited a vulnerability in obsolete versions of Magento. They planted malware on the shops' servers, which can intercept customer data during the ordering process and send it to the criminals. This is called online skimming and describes a typical man-in-the-middle attack, in which a third party (the malware) slips in unnoticed between two communication partners (a shop and its customer). This type of attack is not visible to the customer.


According to the BSI, it is not known whether and to what extent customer data were read and passed on. "Unfortunately, many operators are still very sloppy in securing their online stores," says BSI President Arne Schönbohm, "a large number of stores are running outdated software versions that contain several known security holes." Operators must live up to their responsibility toward their customers and secure their services quickly and consistently.


The BSI does not disclose which shops are affected and which are not. Shop operators can find out whether their Magento shop is affected by the current skimming case on the free website MageReport. Timeless security tips for online shopping are available in a separate article on pc-magazin.de.
