And wait till you hear how they did it… brute forcing using known default admin settings. Sigh.
Yes, some hosts are too lazy to change default log in details. So the Naughty People just are forcing their way in using default credentials.
All this has come to our attention thanks to the security intel company, Flashpoint. They warned that they know of 1,000 pwned installs of the popular ecomm software. The Naughty People are also trying their luck with Powerfront CMS and OpenCarts.
If you look on black hat forums, there’s been noise about this since 2016.
It’s a joy for the script kiddies too because you really need no skill at all. Just run a script and test the default creds on every Magento install you can find. Boom. Job done.
Obviously, once you’re into the control panel for Magento, you can do pretty much anything you want. Like grab all the card information and installing a bitcoin miner.
Most of the 1000 hacked boxes are “owned” (haha) by education and healthcare companies. Mainly in Americaland and Europe.
As anyone knows, not changing the default log in details for a CMS is like sellotaping your front door key to your front door. Something most security professionals frown upon.
Sounds like something for a future edition of our podcast, Stop Being Stupid…