Magento Supply Chain Breach Exposes Thousands of E-Commerce Sites to Payment Data Theft

A deeply embedded backdoor in Magento extensions has surfaced after six years, affecting 500 to 1,000 e-commerce websites—including a $40 billion multinational. The long-dormant malware has now been activated, compromising sensitive customer data in a widespread supply chain attack.

  • Between 500 to 1,000 Magento-based e-commerce sites compromised in a coordinated malware campaign.
  • Sansec, a Dutch cybersecurity firm, revealed that 21 Magento extensions carried the same malicious backdoor.
  • The malware was injected up to six years ago but only activated in April 2025, making the attack both long-term and stealthy.
  • Victims include a $40 billion multinational and hundreds of other online retailers.
  • Extensions from vendors like Tigren, Meetanshi, and Magesolution (MGS) were identified as the primary vectors.
  • Attackers gained access to vendor download servers, injecting malware directly into the distribution supply chain.
  • Some backdoored packages are still available for download, posing ongoing risks.
  • Meetanshi confirmed a breach but denied code tampering. Tigren denied being compromised, while MGS has yet to respond.
  • The campaign also includes a tainted Weltpixel GoogleTagManager extension, though its source remains unverified.

This sophisticated supply chain attack reveals the growing risk of deeply embedded malware in third-party software solutions. With attackers targeting trusted Magento extension vendors, e-commerce businesses must immediately review and audit their integrations, patch vulnerable components, and implement continuous security monitoring to prevent customer data theft.

Stay alert. Stay protected. Net Protector Cyber Security recommends regular audits of all third-party software and proactive threat detection mechanisms for every online business.