Hundreds of top ecommerce sites under attack following Magento supply chain flaw

Summary

Hundreds of ecommerce websites, including some prominent ones, have fallen victim to a breach linked to backdoored Magento extensions whose backdoors had been dormant for six years. Researchers from Sansec uncovered the supply chain attack and identified 21 compromised Magento extensions from three providers: Tigren, Meetanshi, and MSG, with some of the backdoors dating back to 2019.

Source: TechRadar News

Key Points

  • Hundreds of ecommerce sites, including major players, are affected by a Magento supply chain attack.
  • Security researchers found 21 backdoored Magento extensions linked to three different companies.
  • The attack had lain dormant for six years before being discovered.
  • The compromised extensions came from Tigren, Meetanshi, and MSG, with some of the backdoors dating back to 2019.
  • This incident highlights the risks associated with using third-party extensions in ecommerce platforms.

Why should I read this?

If you’re into ecommerce or web management, this article’s a must-read! It’s a real eye-opener about the vulnerabilities lurking in popular platforms like Magento. It’s a timely reminder to keep your security tight and stay informed about the potential dangers that could affect your online business. Don’t let your site be the next victim—be proactive and read up on this issue!