Magento Communicates with Users About Brute Force Attacks

Last week we published a story reporting that cybersecurity researchers at Flashpoint had found about a thousand compromised Magento admin panels, which allowed attackers to take over the sites and use them for cryptocurrency mining and credit card data theft.

Flashpoint also stated that it assumed this brute-force campaign might have affected more Magento users, as well as users of other platforms.

Magento reached out to us and communicated the following:

Up to 1,000 open-source accounts were affected by brute force attacks, a form of fraud where cybercriminals take advantage of weak passwords to steal information and distribute malware.

This is not a new threat, as there have been previously reported variants that have impacted other vendor systems. All accounts identified were on Magento Open Source (formerly Community Edition), and we have communicated to users how to take immediate action and employ preventive measures.

We continue to be fully committed to ensuring the security of our merchants and their customers, encouraging all of our merchants to stay up-to-date on security patches and recommended security best practices, found at www.magento.com/security/best-practices, as well as perform malware tests on sites with the Magento Security Scan Tool accessed in their Magento account.

We strongly recommend that all Magento Open Source or Community Edition users go to www.magento.com/security/best-practices and follow Magento’s recommendations.

And it is good to see that Magento reacted to the story, even though it involved open-source software, so that users could take appropriate precautions.

As the company also stated, this is not a particularly new threat with cybercriminals trying to gain access via brute-force attacks.

But we believe the fact that Flashpoint found compromised Magento Admin credentials on the Dark Web should remind everyone that hackers will always look for ways into systems.

And they will typically find greater success in those installations that are not up-to-date with security patches or use lax password policies.

We’d love your thoughts on this story. Head over to our Facebook Discussion Group or use the comments section below.
