We have become aware of a security issue stemming from vulnerabilities in the popular Magento eCommerce platform that may impact those merchants who use that system and make them susceptible to a possible data compromise.
In fact, several law enforcement agencies have previously sent alerts and information related to these vulnerabilities to merchants who use Magento in an effort to help merchants and acquirers protect themselves and their customers. (You may have previously received such information directly, if a Magento user, from either law enforcement, Magento, or Vantiv.)
All Magento Users:
Please adhere to the guidance that follows in this notice to ensure you were not impacted by this issue and verify you are up-to-date on all necessary patches.
— The MageReport.com offers a free service that can be used by merchants to scan their websites and provide quick insight into the security status of their Magento shops and how to fix possible vulnerabilities.
— The Magento Security Center provides support as well as the necessary patches to remediate issues as soon as possible.
— As a best practice, we recommend the inclusion of detection process in near real time to identify new patches that may become necessary. If you are using the Magento platform, please sign up for the Magento Security Alert Registry here.
For more information and details on indicators of compromise, please also reference the two PDF documents noted below: