BACKGROUND:

The UK National Cyber Security Centre (NCSC) issued a Black Friday warning to more than 4,000 retailers whose customer data was being stolen. The thefts were due to known but unpatched vulnerabilities in the popular e-commerce platform Magento and were based upon reported breaches over the past 18 months. During the checkout process, known vulnerabilities in the program allowed hackers to divert payments and steal customer PII. Excerpt:

  • The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public. The NCSC has monitored for these shops since April 2020 and issued warnings to site owners and SMEs about their software being up-to-date.

1 Expert Comment
Saryu Nayyar, CEO
InfoSec Expert
November 23, 2021 12:11 pm

As if one hack isn’t bad enough, the UK National Cyber Security Centre (NCSC) has warned more than 4000 online retailers that their customer data was being stolen. This was due to unpatched vulnerabilities in the e-commerce platform Magento that were being exploited.

Four thousand retailers is a huge and sobering number. It’s possible that almost everyone who has shopped online has had their personal information stolen. Retailers need to make sure their software is fully patched, and actively monitor their networks for unusual or unauthorized activity. These involve a significant effort, but anything less shortchanges the customers.

Last edited 10 months ago by Saryu Nayyar
Information Security Buzz