A new attack targeting Magento Commerce stores known as MageCart has been compromising the payment details of online store customers around the world. Taking advantage of security holes and compromised administrator accounts in Magento Commerce sites the attackers install code that forwards to them payment details entered into the site.

Almost 6,000 sites have already been found to have this malicious code installed, including more than 200 Australian eCommerce sites. As noted by iTnews, this places not just customers at risk, but also your business as Google has begun blocking these sites and credit card issuers such as MasterCard and Visa may penalise you as a result.

How can I find out if my Magento store is at risk?

A quick way to determine if your Megento Commerce site is exposed to this risk is to run a security scan using a service such as MageReport.

Attackers may also use compromised administrator accounts so if you're not using a strong password or you haven't changed it recently, now would be a good time too.

What should I do if my store is infected?

With any Data Breach, your first step should be containing the breach to limit further damage. Until the malicious code is removed you should consider taking the store offline or placing it into maintenance mode. Next contact those that support your Magento Commerce instance and ask them to assist with recovering your store. The following guide from Hypernode may be useful.

Once the technical aspects of the compromise are under control, it's critical that you address the broader customer impacts. IDCARE provide an anonymous service for victims of cyber crime and identity theft and are able to assist you with developing an appropriate response plan.

1300 432 273

Lastly, in these events it is important that you keep good records of your response, including any contact you make with 3rd parties, to support later engagements with law enforcement or insurance providers. Our contact log template may be useful in these events.