Artur Lemański

Senior PHP Developer

Sep 14, 2020 in Development

Have you migrated from Magento 1 platform? If not, then you have a good reason to do it as soon as possible.

Can you remember my previous articles where I wrote that Adobe stopped supporting the Magento 1 platform for good? If not, you can read this post here and get familiar with the topic.

In short, I described a few scenarios that can occur when someone ignores the migration to a newer and supported version of Magento and feels that having enough luck to stay on the old Magento 1 platform.

We didn't have to wait long for Cassandra's prophecy to come true—the worst just happened…

You must have heard that lately (11-14 September 2020), almost 2,000 Magento 1-based online stores got hacked. So far, it is the largest hacking campaign aimed at e-commerce companies in history. The hackers used the typical Magecart scheme, which involves injecting malicious scripts into the store's source code. The code implemented by the hackers was stealing the credit card details that customers provided during the purchase process.

The whole story started on Friday when only 10 stores were infected, but then things went even worse. The next day, 1,058 stores were infected, 603 on Sunday, and 233 on Monday. This automated campaign was the largest hacker campaign identified so far (the previous record was 962 stores hacked in July 2019).

What was the reason for all these attacks? Unfortunately, the answer is very obvious.

Do you have a store on the Magento 1 platform? Sooner or later you will also get hacked.

All the hacked stores had one major factor in common—they were running on the Magento 1 platform. As I wrote in my last article, this version of Magento reached the end of life (EOL) state on June 30, 2020, which means it will no longer receive any security updates.

I also anticipated such a scenario in that article, and I'm afraid that is only the beginning. Before EOL appeared, information about a zero-day vulnerability for Magento 1 appeared in underground hacking forums (the so-called "Dark Web"). This means that hackers had found a security hole, but waited for Adobe to stop supporting Magento 1 to make sure they would not publish another security patch for such a vulnerability. Clever, isn’t it?

Fortunately, the store owners started migrating their stores to the newer version to avoid the problem. According to Adobe statistics, the number of stores built on the Magento 1 platform has dropped from 240,000 in November 2019 to 95,000 today. I think this is because Adobe has started urging store owners to migrate their stores by making them aware of the dangers ahead.

As you can see, the pace is slow, but I think it's a matter of time before store owners using outdated versions of Magento finally move to the newer version of Magento. Some companies have begun to rely on additional layers of security (such as Web Application Firewalls—WAF) to mitigate the possibility of attacks while working on the migration (as they still use Magneto 1 software).

Using WAF is a great idea, but using such technology won't solve your problems in the long run as we may still have issues with the payment processor's compatibility, etc.

Wrapping things up

As you can see, migrating from Magento 1 to Magento 2 is not a whim and should be taken seriously. There are too many risks in the long run and you should consider whether they are worth taking—keep in mind that it means you are putting your good name and the brand you have worked hard for at stake.

If this article convinced you to update your store, then it will be my personal success :) Of course, if you don't have the technical skills to carry out the entire migration by yourself, then don't hesitate to write to us. We have enough knowledge and experience to do it for you.

This step is worth consideration because once we take care of all the migration, you can easily focus on what you do best—developing your business and selling your goods!

Do you need more information about this topic?

Schedule a call with our developers

Let's talk!

Back to top