Well, anyone that owns a Magento shop site should be feeling pretty proud of the fact they chose Magento for their eCommerce platform, the work they have done to review and therefore ensure as many security vulnerabilities in their platform have been found before the hackers do, is brilliant. Ok, so for my Security Team at objectsource, it has been one heck of a ride this last week, but I am sitting proud of the work they have done with their diligence in keeping our clients safe.
We were already steadily working through our clients list to patch their sites with SUPEE-6788, anyone who knows about this patch, it was pretty big and needed to be carefully done. However, Tuesday morning we were suddenly alerted to the Credit Card Hijack and Ransomware vulnerability! Our Technical Director dropped everything, pulled a War Room meeting with the objectsource senior technical team and devised a plan to ensure our entire client portfolio of Magento websites were patched up within 24 hours. All clients had to be communicated to, patches implemented safely and ensure all websites were still working with no glitches! Plan was ratified by the objectsource Operating Board and off they went…
The team pulled together, ensured every client was called to have everything explained to them, questions and concerns answered and their expectations set. Then by close of business Wednesday, everyone was patched and safe. As a result, we have now written a custom script (we have a very clever developer that did this) that we will be running regularly on all our websites to help us keep an eye on our clients Magento websites security status.
I really must stress to anyone out there that has a Magento website, don’t think ‘oh, I am just a small website, who is going to want to hack me’ or ‘oh, I am sure someone has this under control for me already’! You really must check, it will not be obvious you have been hacked at all and maybe you haven’t, yet, but be diligent before it is too late. I had a client that said to me “Rebecca, it is highly unlikely my site will have or will be hacked, we are just not an interesting target”, I responded with “I have news for you, you were hacked! We caught it and fixed it straight away, so no harm”!!!
If you would like to find out if your website is ok, then Magereport is a useful tool. You must keep up to date with the latest Magento Security Patches, there have been quite a few very important ones over the last couple of months. If you are concerned about your website, then please do call us and we can help you understand what you should do.
