If you use Magento for your online store, you probably felt a little nervous this past week, because Adobe announced it identified and fixed a potentially very serious bug known as SessionReaper. User session IDs could be compromised and you can imagine the impact a hacker could have if they controlled your customer's session. Imagine shopping online and a hacker is in your cart while you are checking out - pretty scary, right?
I have used Magento. It can be a powerful platform, but is also complicated and the ongoing maintenance can be a pain. Your business depends on updates like Adobe's recent patch to keep your online store safe and secure.
What was the SessionReaper bug?
With the SessionReaper bug, hackers could:
- Access user sessions and take over an account without needing to provide a username/password.
- Access user data, potentially including order histories and user profile information.
- Access an administrator's account, if they had the proper target.
Why it matters
So why the big concern? The answer is simple: trust is everything in online shopping. If buyers don’t feel safe, they won’t be back. This patch fixes a bug that could have resulted in:
- Loss of trust.
- Loss of money and sales.
- Loss of reputation (hard to repair once broken).
What shop owners need to do now
If you are running Magento, don't put it off. Just do it now:
• Update Magento to the new patch immediately.
• Look at your site logs for any suspicious login activity.
• Advise your team to be on the lookout.
Neglecting your updates is akin to leaving the front shop door wide open at night. You don't do that, do you?
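For the log review step, here is an added example (not Adobe's or Magento's code) that flags sessions used by more than one client, the pattern a session takeover leaves behind. The log format, the `sid=` field and the default login path are assumptions to adapt to your own logging; a hit is a lead to review, since mobile shoppers change IP addresses legitimately.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed format: time, client IP, truncated
# hash of the session ID (never log the raw ID), request, status, user agent.
SAMPLE_LOG = '''\
2025-01-01T10:00:01Z 203.0.113.10 sid=a1f3 "POST /customer/account/loginPost/" 302 "Firefox/128"
2025-01-01T10:02:10Z 203.0.113.10 sid=a1f3 "GET /checkout/cart/" 200 "Firefox/128"
2025-01-01T10:03:44Z 198.51.100.7 sid=a1f3 "GET /customer/account/" 200 "curl/8.5"
2025-01-01T10:05:00Z 192.0.2.55 sid=9bc2 "POST /customer/account/loginPost/" 302 "Safari/17"
2025-01-01T10:06:30Z 192.0.2.55 sid=9bc2 "GET /sales/order/history/" 200 "Safari/17"
'''

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) sid=(?P<sid>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>[^"\s]+)" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def find_shared_sessions(log_text, login_path="/customer/account/loginPost/"):
    """Return {sid: [clients]} for sessions used by more than one client.

    A client is an (ip, user_agent) pair. Each entry records whether that
    client ever submitted the login form inside the session; a client that
    never did, yet browses account pages, is the one to look at first.
    """
    clients = defaultdict(dict)  # sid -> {(ip, ua): logged_in}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        key = (m["ip"], m["ua"])
        is_login = m["method"] == "POST" and m["path"] == login_path
        seen = clients[m["sid"]]
        seen[key] = seen.get(key, False) or is_login
    findings = {}
    for sid, seen in clients.items():
        if len(seen) > 1:  # same session presented by different clients
            findings[sid] = [
                {"ip": ip, "ua": ua, "logged_in": ok}
                for (ip, ua), ok in sorted(seen.items())
            ]
    return findings


if __name__ == "__main__":
    for sid, seen in find_shared_sessions(SAMPLE_LOG).items():
        print(sid, seen)
```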
My opinion
In summary, I think Adobe did a great job here. They were quick to figure it all out and take action to mitigate the issues before malicious hackers had a chance to exploit them. I know updates can be annoying, but especially in the case of ecommerce stores: update = safety.
Do I still trust Magento? For certain. All systems have sloppiness; still, the important thing is how quickly it gets tended to.