Security News > 2021 > November > Ecommerce platforms (cough, Magento) need patching before Black Friday, warns UK's National Cyber Security Centre
If you run a small online business powered by the Magento ecommerce platform, Britain's National Cyber Security Centre is begging you to make sure it's fully patched ahead of Black Friday.
"Retailers are urged to ensure that Magento - and any other software they use - is up to date," said the GCHQ offshoot in a statement today, adding it had notified 4,151 online stores that their Magento installations were vulnerable to compromise by criminals.
"The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform," said the cybersecurity agency.
Magento is one of the more widely used free e-commerce platforms.
Compromising Magento to steal customers' credit card details is a problem that has lingered for years - and the barrier to entry for this kind of digital crime isn't very high, as Dutch infosec firm Sansec noted last year after spotting a video offering Magento hacking tips for just $5,000.
Attacks on Magento installations are so popular in the criminal underworld that they spawned an entire industry of card thieves loosely known as Magecart.