A flaw in Magento e-commerce compromised thousands of retailers’ data

Magento Flaw Ecommerce Compromised Data Payment Skimming Attacks Vulnerability Exploit

Recent reports identified a vulnerability in Magento e-commerce platform that threat actors exploit to perform payment-skimming attacks against online retailers and steal their customers’ payment details and other sensitive information.

The National Cyber Security Centre (NCSC) declared that about 4,151 total retailers had been attacked because they exploited Magento’s vulnerability on its checkout pages. The vulnerability allows threat actors to divert payments sent by customers and steal their sensitive details. Most of the affected victims are from small and medium-sized enterprises that NCSC has alerted for 18 months.

Ahead of Black Friday, NCSC has also notified all affected retailers regarding their consumers’ data being compromised to a breach and urged them to secure their website further in preparation for the busiest day of online shopping. As stated by NCSC’s deputy director for economy and society, being victimised by these threat actors can leave people empty-handed and can cause damage to a firm’s reputation.


Online retailers worldwide that use the Magento e-commerce are advised to apply security patches to prevent threat actors from attacking their businesses and exploiting vulnerabilities, such as stealing payments and personal data.


The NCSC and the British Retail Consortium (BRC) released a Cyber Resilience Toolkit for Retail last October 2020, intending to heighten security among all retail owners. Despite the kit being released a year ago, security authorities believe these measures are still highly relevant and important to be applied today.

Furthermore, a spokesperson from the BRC said that all types of skimming and other cybersecurity breaches still pose a threat to all retailers worldwide, be it online or physical shops. Therefore, they must follow the instructions and advice given by the NCSC, especially during the coming busiest periods of the year.

The NCSC’s Active Cyber Defence programme has identified the compromised e-commerce platform as a part of it. The programme intends to monitor flaws and vulnerabilities found within cyberspace that could affect and have affected online retailers since April 2020.

Lastly, the NCSC has once again stressed the importance of staying safe when shopping online for consumers. They said that consumers must be selective on where they choose to shop and avoid providing extra information about themselves that may be leveraged for attacks. Keeping their online accounts secured and protected is also necessary.

About the author

Leave a Reply