If you are running a Magento based ecommerce website, then this Alert is for you! A critical flaw in Magento has been exposed which can enable hackers and cyber criminals to exploit your Magento based website and steal your customers Credit card information and virtually take control of your website.
Magento has realized and acknowledged this threat and therefore has released a critical security patch (SUPEE-5344) to counter this threat. The remote code execution (RCE) vulnerability, or popularly called “shoplift” bug, was first by Check Point Software Technologies in late January 2015. They called it RCE (remote code execution) vulnerability. It was then demo to Ebay who owns the Magento platform. Upon confirmation, Magento released the security patch.
How to protect your website:
We suggest all Magento users to immediately download the security patch SUPEE-5344 released by Magento and update your website. Contact your Magento developer for details on this exploit and get the website patched up at the earliest. This flaw affects both Magento Enterprise Edition and Magento Community Edition. To check if your website is already patched, you can go the the following link or click on the image and enter your URL to test.