You’ve been hacked! What to do to save your business.
There’s no denying that E-commerce has grown at an enormous rate in the last decade. For many companies, eCommerce has quickly become the fastest growing channel; if not the largest channel of sales. Yet sadly, with growth, come those who’d also like to profit from the hundreds of thousands of unprotected sites, ripe with personal data and payment details. Successful ecommerce platforms, such as Magento with 200,000+ installs, makes for a ripe target for the savvy hacker. Daily attempts to intrude payment processes, gain access to data bases, etc. allows them to resell personal data and/or take a cut of the transaction, which can certainly provide a luxurious living for hackers. These malicious elements try to penetrate e-commerce sites to get to merchant accounts. More often than not, it’s a door or window that’s left open; where a company has failed to install a security update, used soft usernames, or simply bad programming. Once successful, the hacker downloads your customer’s personal information. (Username, Address, Payment details, etc). eCommerce hackers are mostly after CC data, user data, and access to payment gateway details so they can shave pennies/dollars off of orders without the company knowing. In 80% of the cases we’ve seen, these compromised sites aren’t aware of the breach for over a year.
In many cases, there are signs that your e-commerce site has been breached. They are:
- If your payment gateway uses Address Verification System (AVS) and Card Security Codes, where the transaction does not contain any AVS or CVV2/CVC2 requests.
- Site speed and page load performance during checkout. (common when your checkout is now being asked to make an add’l call, per the hacker’s design.)
- If the transaction does not include any Customer Identification Information.
- If there are several transactions within a really short period on your magneto platform or any other ecommerce platform you operate on.
- Repeat User ID access to the database at odd hours. (often it’s a valid username & password)
- Offset the balances when reconciling transactions at the end of the month.
- Suspicious multiple transactions from the same IP (Internet Protocol) address
If you’ve have experienced any of these signs, simply take these five steps to assist in the recovery of your website.
- Take your website offline You should tentatively shut the site down while it is being assessed and fixed. Stop the bleeding! For example, adding a text file named “maintenance.flag” to the web root of a Magento-based site will put the site into maintenance mode and display a 503 service unavailable message to site visitors. (We strongly recommend customizing the 503 message, offering customers a phone number to call if they have questions about an order or even posting a discount code for free shipping when the site comes back up.)
2 . Change all passwords and control access going forward Despite warnings, soft passwords are still commonplace and result in site hacks. Take the time to review all user accounts, access levels, permissions, etc. and close off any potential vulnerabilities.
-
Scan your local computers for viruses and malware You will need to scan your entire environment and touch points to 3rd party solutions with an anti-virus software to ensure the are not infected with malware, Trojan, spyware, etc. Be sure your anti-virus software is up-to-date before using it to scan your computer. If you’re running Magento code, you’re in luck, you can conduct a free scan of your code base at https://www.sekursite.com/site-scan/
-
Clean up the site With the help of a security minded developer, systems integrator, or consultancy, you might be able to discover the malicious code affecting your site. Delete all code found and refresh with a clean installation from a backup and manually check all plugin folders.
-
Notify your ecommerce software provider. Yes, getting hacked can be embarrassing, painful, and emotional. Yet, now is your chance to spread the word and help others. If you remain silent, software vendors will go on believing that their code bases have “never been hacked” and other industry peers using that code base will certainly fall victim to the same scan. Once successful many hackers will simply ‘rinse & repeat’, deploying their code to other sites on the same platform by exploiting the same holes found on your site. Contact your software provider pronto!
If you feel your site has been compromised or you’d like to test your site’s security, don’t hesitate to take a free scan today. Click here Let them find the holes in your site before someone else does.