On September 14, 2022, Fishpig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, announced that its paid software offerings had been injected with malware after its distribution server was compromised.
The malware, which was identified as Rekoobe, is a remote access trojan (RAT) that can give attackers complete control over an infected device. It can be used to steal data, install additional malware, or launch denial-of-service attacks.
Fishpig estimates that up to 10,000 of its customers may have been affected by the breach. The company has advised all customers to immediately uninstall any Fishpig extensions that they have installed on their Magento websites.
This is not the first time that Fishpig has been targeted by hackers. In 2019, the company's website was hacked and customer data, including names, addresses, and email addresses, was stolen.
The Fishpig data breach is a reminder of the importance of website security. Businesses should take steps to protect their websites from hackers, including using strong passwords, installing security software, and keeping their software up to date.
Additional Details
Here are some additional details about the breach:
The malware was injected into Fishpig's extensions on September 10, 2022.
The malware was discovered by Sansec researchers on September 14, 2022.
Fishpig released a statement about the breach on September 15, 2022.
Fishpig has advised all customers to immediately uninstall any Fishpig extensions that they have installed on their Magento websites.
Fishpig is offering free security scans to all customers who have been affected by the breach.
What can you do to protect yourself from a data breach?
Use strong passwords and don't reuse them across multiple websites.
Install security software and keep it up to date.
Be careful about what information you share online.
Be aware of the latest phishing scams and don't click on links or open attachments from unknown senders.
Back up your data regularly.
By following these tips, you can help to protect yourself from a data breach.