Hackers attack online stores with new attack

A security researcher has found a serious weakness in the software that powers thousands of e-commerce sites. The platform, called Magento, and its paid version Adobe Commerce, has a bug that allows attackers to enter active shopping sessions. Some attackers can even take control of the entire store.

The flaw is known as SessionReaper. It allows hackers to pretend to be real customers without needing a password. Once inside, they can steal data, place fake orders, or install tools that collect credit card data.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM fact sheet

Why is this attack so serious?

The problem starts in the part of the system that handles how a store communicates with other online services. Because the software does not properly verify the information it receives, it sometimes relies on data it should not. Hackers take advantage of this by sending fake session files that the store accepts as real.

SecPod researchers warn that successful attacks can lead to the theft of customer data, fake purchases, and even complete takeover of the store’s server.

Once the attack method was shared publicly, cybercriminals immediately began using it. Sansec security experts reported that more than 250 online stores were compromised in a single day. This shows how quickly attacks can spread once a vulnerability becomes public.

Why are many stores still unprotected?

Adobe released a security update on September 9 to fix the issue. Weeks later, about 62% of the affected stores still have not installed it. Some store owners fear that an update could break their site’s functionality. Others simply don’t know how serious the risk is.

Every unpatched store remains an open door for attackers who want to steal information or install malicious code.

MAJOR COMPANIES INCLUDING GOOGLE AND DIOR SUFFERED BY MASSIVE SALESFORCE DATA BREACH

How can you stay safe when shopping online?

While store owners are responsible for fixing the problem, you can still take smart steps to protect yourself when shopping online. These actions can help you detect dangers early and keep your personal information safe.

1) Look for warning signs

Always pay attention to the behavior of a website. If a page looks strange, loads slowly, or displays error messages, it could mean something is wrong behind the scenes. Look for the small lock symbol in the address bar which shows that the site uses HTTPS encryption. If it is missing or the site redirects you to an unknown page, stop and close the browser tab immediately. Trust your instincts if something doesn’t feel right.

2) Be careful with email links and use a data deletion service

Cybercriminals often use fake promotional emails or ads that look like real store offers. Instead of clicking on links in messages or banners, type the store’s web address directly into your browser to avoid phishing pages designed to steal your login details or card information. Since attacks like SessionReaper can expose your personal data to criminal markets, consider using a reliable data removal service that continuously scans and removes your private information, such as your address, phone number, and email, from data broker sites. This reduces the risk of identity theft if your information has been leaked through a compromised online store.

While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

3) use powerful antivirus software

Strong antivirus protection is your silent guard online. Choose reliable software that offers real-time protection, safe browsing alerts, and automatic updates. A powerful antivirus program can detect malicious code trying to run on your device, block unsafe sites, and alert you to potential threats. This adds another crucial layer of defense when visiting online stores that may not be completely secure.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com

4) Use secure payment options

Whenever possible, choose payment services that add an extra layer of protection between your bank account and the online store. Platforms like PayPal, Apple Pay or Google Pay do not share your card number with the retailer. This reduces the chance of your information being stolen if the store is compromised. These payment gateways also offer dispute protection if a purchase turns out to be fraudulent.

5) Buy from trusted retailers

Stick to stores with a solid reputation. Well-known brands tend to have better security and faster response times when problems arise. Before purchasing from a new website, check their reviews on trusted consumer sites. Look for signs of credibility, such as clear contact information, a professional design, and verified payment options. A few minutes of research can save you weeks of frustration.

TRANSUNION BECOMES THE LATEST VICTIM OF A MAJOR WAVE OF CYBER ATTACKS LINKED TO SALESFORCE, 4.4 MILLION AMERICANS AFFECTED

6) Keep your devices up to date

Updates may seem annoying, but they are one of the most effective ways to protect your data. Make sure your computer, smartphone, and web browser have the latest security patches installed. The updates often fix the exact types of flaws that hackers use to spread attacks like SessionReaper. Enable automatic updates if you can, so your devices stay protected without extra effort.

7) Use unique elements, secure passwords

If you create accounts on shopping sites, make sure each one has its own strong password. Avoid using the same password on multiple platforms. Consider using a password manager to generate and store long, random passwords. That way, if one account is compromised, your other logins will remain safe.

Next, check to see if your email has been exposed in previous breaches. Our number one password manager (see Cyberguy.com) includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

8) turn on two factor authentication

If a payment site or service offers two-factor authentication, enable it. This adds a second security step, like a code sent to your phone or generated by an app. Even if hackers steal your password, they won’t be able to access your account without that second verification.

9) Avoid public Wi-Fi for shopping

FARMERS’ INSURANCE DATA BREACH EXPOSES 1.1M AMERICANS

Public Wi-Fi networks in places like cafes, airports, and hotels are often not secure. Avoid entering payment information or logging into accounts while connected to public networks. If you must make a purchase while you’re away from home, use a reliable mobile data connection or VPN to encrypt your activity.

10) Monitor your bank and credit statements

Review your financial statements periodically for any unusual activity. Small, unauthorized charges can be early signs of fraud. Report any suspicious transactions to your bank or credit card company immediately so they can freeze your account or issue a new card.

11) Report suspicious activity

If you notice something strange during or after an online purchase, act quickly. Contact the store’s customer service to report what you saw. You should also inform your payment provider or credit card company so they can block unauthorized transactions. Providing advance notice can help prevent further damage and alert other buyers to potential risks.

Kurt’s Key Takeaways

The SessionReaper attack shows how quickly threats can appear online and how long they can persist when updates are ignored. Even well-known stores can become unsafe overnight. For retailers, installing patches quickly is critical. For shoppers, staying alert and choosing secure payment methods are the best ways to stay protected.

CLICK HERE TO DOWNLOAD THE News APP

Would you still shop online if you knew they were pirated? Could computer technicians hide behind a store’s payment page? Let us know by writing to us at Cyberguy.com

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM fact sheet

Copyright 2025 CyberGuy.com. All rights reserved.