November 24, 2020

This Is What Happens When Your Magento 1 Site Gets Hacked

In June of 2020, Magento 1 reached end-of-life. This put the platform’s 200,000 sites at risk for malware attacks, and opened them up for the potential to incur heavy fines. 

We’ve been urging our Magento 1 customers either to replatform or to install Nexcess Safe Harbor as a stopgap for PCI compliance. In the meantime, stores on Magento 1 remain vulnerable to attack, and their customers’ data is still at risk.

What Does It Mean When a Platform Reaches End of Life?

Magento 1 has been around a LONG time in software history. For the past 13 years, this platform has been home to hundreds of thousands of online businesses, from growing small businesses to enterprise-level operations.

But after more than 10 years of service, Magento 1 has become obsolete, and Magento has shelved the platform for updates. That means their teams will no longer be developing security patches and updates for Magento 1; the platform will remain stagnant.

Stagnant platforms that aren’t proactively monitored and updated for security do not meet the standards set by the PCI Security Standards Council, and may fall out of compliance as threats to the platform emerge.

Why End of Life Presents a Problem for Compliance

PCI compliance standards were originally set forth by a coalition of banks to ensure that online businesses were proactive about protecting their customers’ data. Using a set of standards, the PCI Security Standards Council keeps online businesses from taking a laissez-faire approach to how they handle online transactions.

The standards for compliance are as follows:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks 
  • Use and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

Distilled into one lesson, all of the above comes down to this: if your business is not proactive about security, you will not be PCI compliant. If you’re not PCI compliant, you’re subject to hefty fines and penalties.


What Happens If Your Online Store Isn’t PCI Compliant?

The results of noncompliance are scary.

Compliance isn’t just the right thing to do for your business; it’s the right thing to do for your customers. Running a store on an end-of-life platform can put thousands of people’s data at risk, opening you up to such a high level of liability that your business might not even survive it.

Fines for noncompliance are typically passed along to the merchant, and can range anywhere from $5,000 to $100,000 per month until compliance is achieved.

Banks may also choose to terminate their relationship with a noncompliant business, leaving you scrambling to replace your financial institution and payment processor.

Perhaps the most unsettling consequence of all is this: the loss of your customers’ trust. Picture them scrambling to protect their own financial information from your site’s security failure. Picture the headlines when the media picks up the story.

It’s not pretty, and it’s completely preventable.

What to Do When You Can’t Afford to Re-Platform

Look, we’re not being heavy-handed about this to be jerks about it. This is serious stuff, but we’re also sensitive to the fact that, at this point, a migration or replatform isn’t financially realistic for some businesses.

Businesses have struggled during the pandemic. Estimates are that small businesses have seen revenues plummet by a whopping 52% in 2020.

If your business doesn’t currently have the funds for a migration or replatform, you have another option.

Use Safe Harbor for Magento 1 PCI Compliance

A migration from Magento 1 to Magento 2 can cost anywhere from $50,000 to $100,000. For only slightly more than you’re paying for your current Magento 1 hosting plan, Nexcess Safe Harbor will keep your store secure until you’re ready to re-platform. Safe Harbor is a simple security add-on that uses sophisticated custom security patches from our Magento team to keep stores compliant post end-of-life.

Current estimates are that Safe Harbor will be able to keep Magento 1 stores secure and compliant well into 2022, giving your company plenty of time to transition to a new platform, or to migrate to Magento 2.

In the wake of Magecart attacks and other security threats that have surfaced since Magento 1 reached end of life back in June, Safe Harbor has continued to protect those stores and to proactively monitor emerging threats.


Keep Your Magento 1 Store Secure with Magento Experts

Magento’s first beta version was born here on Nexcess servers. Since 2007, our company has been intimately aware of and involved with this platform, and has cultivated technology alongside it that enables developers and businesses to build online businesses at scale.

With a full-time Magento Master on staff, world-class 24-hour support, and a dedicated team of sysops engineers and security pros, Nexcess has your back through your platform’s end-of-life.
