Is Magento's eCommerce Platform A Risk To Payments Data?

Are hackers sneaking into eBay's eCommerce platform Magento and stealing payment data?

Well, that's what researchers from Sucuri are suggesting. A recent report on the platform said that hackers are finding "sneaky" new ways to collect data, enabling them to sift out useless information and targeting credit card data, according to a report on ComputerWorld.

The research suggests that the hackers are also "injecting their malicious code into Magento," but there's no clear link as to how, according to Peter Gramantik, a senior malware researcher with Sucuri.

"It seems though that the attacker is exploiting a vulnerability in Magento core or some widely used module/extension," he wrote in a post.

The researcher also explains how the attacker is able to steal the billing details and how they are able to sort out non-payment data vs. payment data, which, he notes, is done by using a "public encryption key that is included in the malicious script."

"If the structure of the POST parameters match, the attacker stores them all — nothing more, but nothing less. They've got all the billing details processed by the infected site," Gramantik wrote. "... Now they have all the billing information processed by the Magento eCommerce website," he wrote. "It's all nicely packed, formatted and collected."

It’s not the first time eBay's Magento platform has showed up in the news related to security issues. Recently, eBay announced that it has once again cleaned up vulnerabilities that could have provided hackers the opportunity to steal data.

That time around, three security vulnerabilities were discovered by Vulnerability Lab’s Security Researcher Hadji Samir, according to a ZDnet report, which identified the security flaws that were used on the platform eBay uses to enable online shopping and transactions. Magento, which is used and owned by eBay, is an eCommerce software and platform used by many leading brands.

In April, Check Point said that their Malware and Vulnerability Research Group discovered gaps in eBay’s Magento eCommerce platform that could impact as many as 200,000 online shops.

“As online shopping continues to overpower in-store shopping, eCommerce sites are increasingly targeted by hackers as they have become a gold mine for credit card information,” said Shahar Tal, Malware and Vulnerability Research Manager at Check Point Software Technologies. “The vulnerability we uncovered represents a significant threat not to just one store, but to all of the retail brands that use the Magento platform for their online stores – which represents about 30 percent of the eCommerce market.”

To check out what else is HOT in the world of payments, click here.



Banks, corporates and even regulators now recognize the imperative to modernize — not just digitize —the infrastructures and workflows that move money and data between businesses domestically and cross-border.

Together with Visa, PYMNTS invites you to a month-long series of livestreamed programs on these issues as they reshape B2B payments. Masters of modernization share insights and answer questions during a mix of intimate fireside chats and vibrant virtual roundtables.

Click to comment