The Federal Bureau of Investigation made an official announcement. FBI says hackers have been exploiting a Magento bug first identified in 2017 that allows them to get access to buyers’ payment card data.
The life of Magento 1 running to an end. After June 2020, Magento will stop the support of this platform, concentrating its efforts on Magento 2 instead. Still, there are thousands of websites running on the first version of the platform.
A month earlier, Visa voiced its concerns about the dangers of staying on Magento 1. Now the Federal Bureau of Investigation made an official announcement. The vulnerability, which was first identified in 2017, allows hackers to use the type of attack known as web skimming, e-skimming, or Magecart.
Hackers are exploiting the CVE-2017-7391 vulnerability in MAGMI (Magento Mass Import). This plugin, actively used by Magento online stores worldwide, has a vulnerability that allows for cross-site scripting (XSS). The bug allows hackers to get access to online stores and place malicious scripts in the HTML, PHP, and JavaScript code that record and steal buyer’s payment card data.
Such scripts record all payment details that users enter when they are making a purchase on a Magento website.
Once the data is encoded in the Base64 format and hidden inside the bits of a JPEG file, it is sent to the hackers’ server located at 89.32.251.136.
If store owners want to protect their stores from further attacks, they need to upgrade to Magento 2. After the company stops supporting Magento 1, online stores will become even more vulnerable to such forms of hacking attacks.
What is Waiting for Magento 1 Stores
After Magento 1 End of Life, stores running on Magento 1 will be put at high risk. After June 2020, Magento will stop releasing quality and security fixes. As a result, businesses will be faced with the following problems.
- Lack of security patches can jeopardize the security of customer data.
- Magento development companies won’t release updates for their M1 modules. As a result, such solutions will become another point of failure for online stores.
- You won’t be able to find companies specializing in Magento 1 development.
- PCI compliance checks will become impossible to pass.
- Data compromise will be a constant threat.
Even More Reasons to Upgrade
Magento 2 is far superior to its predecessor with a lot of unique features. The reasons to upgrade to M2 are various. Here is just a few benefits that you will get with the migration:
- processing of 153K more orders per hour as compared to M1
- Magento 2 loads 50% faster
- 66% faster adding of products to the cart
- full PWA support
- availability of Ajax cart
- improved caching system
- faster PHP 7 framework
- significant improvement in hosting framework
- simplified navigation in the admin panel
- availability of various third-party integrations
- a lot of powerful Magento 2 extensions
Do you want to know how Magento 1 store is migrated to Magento 2?
Check our article Magento 2 Migration: Business & Technical Sides. You will learn the risks of ignoring M1 EOL, how to migrate data safely and how to avoid costly mistakes.
Where to Start Magento 2 Migration Process
Magento 1 store owners don’t have much time to make a move. They need to start the migration process as soon as possible.
GoMage offers Magento 2 upgrade at 20% off until the end of May 2020. Our team has already migrated more than 70 projects and continuously helps clients create highly customized Magento stores.