Website’s resistance to malware attacks depends heavily on the compatibility of versions of the systems and services it runs on.
A customer of ours used a third-party ERP solution that supported an outdated version of Magento 2, complicating timely platform updates. Having underestimated the severity of the situation, stakeholders decided to leave everything as is rather than to refine the integration between Magento 2 and the ERP system or to update the platform. Compatibility restrictions made the store an easy target for hackers: due to an encrypted malicious code embedded on the site, attackers were able to copy customers’ credit card data on the fly.
Having detected the vulnerability in the shortest time, our team patched the system to secure it from further attacks and upgraded it to the latest Magento version available, while keeping the ERP integration afloat. Fortunately, we have prevented the irreversible consequences this issue could have caused and convinced the customer that regular updates are a must to ensure that the business is running smoothly.