Half of Dutch webshops have not yet closed Magento leak




Many large Dutch websites have been hit by a bug in the e-commerce platform Magento. The vulnerability was closed two months ago, but only half of the Dutch webshops running Magento have updated to the latest version.

The leak in Magento allows attackers to run code on a website that uses Magento. The bug was patched in February, but many merchants have not yet updated their installation to the latest version. The affected merchants include many Dutch companies, among them a KLM webshop for its frequent flyers and the accessory shop of T-Mobile. The webshops of De Volkskrant, Het Parool, the Algemeen Dagblad and Trouw were also vulnerable. This was discovered by Willem de Groot, co-founder of web host Byte.

The listed merchants are now patched. Many retailers, however, have not yet updated their installation, according to a survey of vulnerable web shops that De Groot carried out with a tool he created to search for vulnerable systems. Among them are a large airline, an oil company, a large consulting firm and an energy supplier. Users can check whether a Magento installation is vulnerable through a tool of shopping cart software

Attackers are likely trying to break into vulnerable Magento installations on a large scale. “In our access logs we see that our clients’ websites are scanned from eight IP addresses, mainly from Russia,” says De Groot. Chances are therefore very high that Magento installations that have not yet been updated have been infected. An attacker can, for example, steal user cookies, retrieve information from the database or try to penetrate deeper into the Web.

A week ago, the number of vulnerable web shops was estimated at 100,000; how many are still vulnerable now is not known. In the Netherlands, 50 percent of webshops are vulnerable, according to a scan by De Groot. The Netherlands is thus doing relatively well internationally: in the United States the share of unpatched web shops is 60 percent, in Russia 77 percent and in China even 84 percent.

