The UK National Cyber Security Centre (NCSC) issued a Black Friday warning to more than 4,000 retailers whose customer data was being stolen. The thefts were due to known but unpatched vulnerabilities in the popular e-commerce platform Magento and were based upon reported breaches over the past 18 months. During the checkout process, known vulnerabilities in the platform allowed hackers to divert payments and steal customer PII. Excerpt:
- The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public. The NCSC has monitored for these shops since April 2020 and issued warnings to site owners and SMEs about their software being up-to-date.
As if one hack isn’t bad enough, the UK National Cyber Security Centre (NCSC) has warned more than 4000 online retailers that their customer data was being stolen. This was due to unpatched vulnerabilities in the e-commerce platform Magento that were being exploited.
Four thousand retailers is a huge and sobering number. It’s possible that almost everyone who has shopped online has had their personal information stolen. Retailers need to make sure their software is fully patched, and actively monitor their networks for unusual or unauthorized activity. These involve significant effort, but anything less shortchanges the customers.