Hackers have hit more than 4,151 online retailers during Black Friday and Cyber Monday sales, stealing payment information and other personal information from customers, the National Cyber Security Centre in the UK said.
It notified 4,151 small business sites whose customers’ payment details were being stolen.
“We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period,” said Sarah Lyons, deputy director for economy and society at the NCSC.
“Falling victim to cybercrime could leave you and your customers out of pocket and cause reputational damage,” Lyons said in a statement.
The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform.
“Retailers are urged to ensure that Magento – and any other software they use – is up to date. The NCSC’s website has guidance on running a secure website, including moving businesses from the physical to the digital,” the UK watchdog said.
The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public.
One of the key things that online retailers can do to help prevent payments and personal data being stolen is to apply the available security patches that stop cyber criminals from being able to exploit known vulnerabilities in Magento and any other software they use, the UK watchdog added.