Magento Website Extension Hack: What You Need to Know


Magento Website Extension Hack: What You Need to Know

“A rough cut, blow or stroke.” “Using a computer to gain unauthorized access to data in a system.” Both definitions of “hack” seem to apply when your business is compromised – factually and emotionally..

Not only does the stolen data and lost customer information cause stress, but getting hacked also may feel like a blow to your sense of security. You wonder how they got in when you’ve been so careful to protect your passwords and other data. You question what you did wrong and how you can fix it. Getting hacked is devastating, especially for a small-business owner.

Magento Help Desk Hack

Unfortunately, you recently may have felt that blow because of a Magento website hack. The online attackers exploited a cross-site scripting (XSS) vulnerability found in the popular Magento website extension Mirasvit Help Desk MX. Many Magento store owners use the extension to improve their customer support by increasing accessibility via “Contact Us” forms, tabs, chat or widgets. It’s also often used to create a ticket area for Magento customers to create or reply to tickets, check their history and more.

The Mirasvit Help Desk MX vulnerability was discovered and fixed in September 2016, but it still exists in extension version 1.5.2 and all earlier versions. If you have an older version of the extension, hackers were able to inject script code in the support form’s customer name or ticket subject fields. This malicious code was not visible, but instantaneously was applied when the ticket was opened

During this XSS attack, the Magento support agents who viewed the Help Desk tickets were only able to see seemingly harmless messages like “Hey, I strongly recommend you make a redesign!” But when the ticket was opened, a malicious code was added to the footer of the Magento website template – enabling the hackers to intercept payment data from your store’s checkout process.

“This attack is particularly sophisticated, as it is able to bypass many security measures that a merchant might have taken,” reported cybersecurity expert Willem de Groot.

Mirasvit recommends anyone who has its Help Desk MX extension immediately upgrade their version. It’s also important to analyze your Magento header and footer templates, as that was where the malware was inserted (if you were infected). You also can run a query for tickets that include ‘%script%’ to find evidence of the XSS attack.

Prevent Future Hacks With Solvature

Although third-party extensions can be valuable for your Magento store, they’re typically the cause of security vulnerabilities. These hacks not only compromise your customers’ personal data and payment information, but they also may damage your store’s credibility. That’s why you need experts who can analyze and monitor your Magento website from all angles. Solvature can help ensure your Magento store and all components – additional installations, themes, extensions and more – are safe and up to date.

We want to help you grow, convert and gain trust from shoppers online. To do so, you need a trustworthy, secure eCommerce store. We offer cloud hosting, diagnostics, performance and development operations – so you can focus on your business and leave the technical side of Magento to us.


To learn more about Solvature’s Magento services and audits, visit our MageRx page. To speak with someone from our team about improving your Magento store today, contact us at 800-781-7146.