Security News > 2021 > November > UK govt warns thousands of SMBs their online stores were hacked
The UK's National Cyber Security Centre says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal customers' payment info.
In Magecart attacks, threat actors inject scripts known as credit card skimmers into compromised online stores to harvest and steal the payment and/or personal info submitted by customers at the checkout page.
"The National Cyber Security Centre - a part of GCHQ - proactively identified 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities," the UK cybersecurity agency said.
Impacted online retailers were urged to keep Magento - and any other software they use - up-to-date to block attackers' attempts to breach their servers and compromise their online shops and customers' information during Black Friday and Cyber Monday.
"We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period," said Sarah Lyons, NCSC Deputy Director for Economy and Society.
The agency also provides guidance for individuals and families who want to shop online securely, advising them to only shop on trusted online stores, use credit cards for online payments, and always watch out for suspicious emails and text messages with offers that seem too good to be true.