Magento Commerce is the leading provider of open omnichannel innovation. They provide open source digital commerce platform and cloud-based omnichannel solutions empower merchants to integrate digital and physical shopping experiences. Also Magento recognized as the one of leading eCommerce platform to the Internet Retailer Top 1000, B2B 300 and Hot 100 lists, it works hand in hand with retailers, branded manufacturers across B2C and B2B industries to successfully integrate digital and physical shopping experiences.
Magento Commerce boasts a strong portfolio of cloud-based omnichannel solutions including in-store, retail associate and order management technologies. Magento Commerce is supported by a vast global network of 300+ solution and technology partners and by a highly active global community of more than 66,000 developers as well as the largest eCommerce marketplace for extensions available for download on the Magento Marketplace.
Recently, Magento shop system facing the attack by security vulnerabilities and malware. Magento released a new patch in early 2015. Magento security team told that sites not vulnerable to that and issues show other unpatched issues. Therefore, Malware can also take advantage of this situation where a Magento administrator account has been compromised through non secure password such as weak passwords, phishing or any other unpatched vulnerability which allows for administration access.
The vulnerability can allow an any attacker to gain complete control over the web site / web store with administrative access. It will lead, allowing Credit card theft. There are minimum 200000 websites are using Magento (owned by eBay), this vulnerability attack might be affected more than 100000 web stores.
Magento security team investigating this issue together with all hosting partners and Magento community members. But, issues still existing.
Magento suggested / advised to all the merchants to follow basic best practices to ensure the web store security:
- Check websites for Guruincsite and other malware and security vulnerabilities on files.
- Search and remove any malicious scripts that have been injected into web pages.
- Submit an unblock request to Google using Google Webmaster if Google blocked due to this malware attack.
- Review all admin users in your system, including accounts with the username “admin”.
- Remove any accounts which you are not actively using.
- Implement all available patches ASAP to close any exploitable vulnerability.