A Magento Exploit That Allows Hackers to Skim Credit Card Data During Checkout

Discussion in 'eCommerce' started by Jackjack91, Sep 24, 2014.

  1. #1
    I think some of you have come across these articles:

    http://blog.nexcess.net/2014/07/25/recent-exploit-using-fake-magento-extensions/

    http://www.thewhir.com/web-hosting-news/nexcess-uncovers-magento-exploit-allows-hackers-skim-credit-card-data-checkout

    They talk about a Magento exploit that allows hackers to skim credit card data during checkout. Although the articles were published 2 months ago, it's surprising that there are still a lot of websites using Magento affected by this exploit. My friend and I scanned a number of websites, and we were actually able to change their core files, which allowed us to skim credit card data during the checkout process. The skimmed data was then logged to a fake image file (actually a text file) located in the media folder, and we were then able to download these text files from a remote server. We were able to get thousands of credit card numbers a day from this exploit, and others can also do the same.

    Some of you may not be aware that your sites may contain improper sourcing & installation of hacked third-party extensions. Therefore, I am writing this thread to ask you to do the following ASAP (especially for those who use Magento Go and ProStores):

    1. Quarantine the files affected

    2. Change your admin passwords in Magento

    3. Alert your credit card processing company of the breach

    4. Inform your hosting provider of the breach so other sites will not be affected

    5. Upgrade to Magento Enterprise or switch to another platform

    I hope this thread is helpful for you. You can go through the two articles above for more information. Remember to inform your hosting provider of the breach.

    Thank you.
     
    Jackjack91, Sep 24, 2014 IP
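
A defender-side check for the fake image files described in the post above, as an added example that is not part of the original thread: it walks a media directory and lists files whose image extension does not match their leading bytes. The directory layout and file names in `build_sample_tree` are constructed sample data; on a real store you would pass the path of its media folder instead.

```python
import os
import tempfile

# Leading bytes ("magic numbers") expected for each image extension.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}

def find_fake_images(media_root):
    """Return sorted relative paths of files whose image extension does not match their content."""
    suspects = []
    for dirpath, _dirs, files in os.walk(media_root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in MAGIC:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                # Unreadable files are worth a manual look as well.
                suspects.append(os.path.relpath(path, media_root))
                continue
            if not head.startswith(MAGIC[ext]):
                suspects.append(os.path.relpath(path, media_root))
    return sorted(suspects)

def build_sample_tree():
    """Constructed sample data: a real PNG header, a text file named .jpg, an empty .gif."""
    root = tempfile.mkdtemp(prefix="media_")
    os.makedirs(os.path.join(root, "catalog"))
    with open(os.path.join(root, "catalog", "logo.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    with open(os.path.join(root, "banner.jpg"), "wb") as fh:
        fh.write(b"constructed placeholder text, not image data\n")
    with open(os.path.join(root, "empty.gif"), "wb"):
        pass
    return root

if __name__ == "__main__":
    for rel in find_fake_images(build_sample_tree()):
        print("suspect:", rel)
```

A file that begins with a valid image header and has text appended would pass this check, so a clean result is one signal and not proof that the media folder is untouched.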
  2. #2
    Hi Jack,

    Thank you for sharing this valuable information. We do Magento customization. Now we will take care of the security of our clients' credit cards.

    Thanks
     
    Harshal shah, Oct 14, 2014 IP