As I investigate her case, I fund that her e-commerce website has been hacked. I found two unknown users in Admin panel of her e-commerce site. Also, I notice that some particular IP address was numerously visited at this web address. Her e-commerce program is Magento, but it is four years old module, the site was never upgraded or updated ever since the first web designer build this site. This similar case is a typical problem of all small business owner who has the website or e-commerce site for their business. Simply they don’t have time to update or no budget to keep up to upgrade the latest module by their web developers.
In my customer’s case, her e-commerce site keeps the credit card number of the buyers if they paid in credit card directly without using PayPal or PayPal Express payment. I assume that the hacker already took all the credit card numbers and customers address and phone numbers, and their email addresses. The hacker can break into the website database system to get the valuable information. Some of the hackers embedded the email sending program to send the thousands of email through the victim’s account, but unfortunately, victims are not aware of this criminal act for a months or years until they caught by hosting company security program. Usually, the hacker is not easily detected by the security program that monitors the particular spike of CPU usage or excessive traffic on the sites.)
For website security & firewall installation, please contact me, Daniel Chun, 510-684-7207.