Security firm Check Point has gone public with a serious vulnerability in the e-commerce platform Magento, which is used by thousands of firms including its parent company eBay.
The firm discovered earlier this year that a critical remote code execution flaw in Magento could open merchant sites and their millions of customers to attack and data theft.
Check Point told eBay about the problem and said that a fix was released in February. The company is going public now because Magento has had sufficient time to inform its customers.
"As online shopping continues to overpower in-store shopping, e-commerce sites are increasingly targeted by hackers as they have become a gold mine for credit card information," said Shahar Tal, malware and vulnerability research manager at Check Point Software Technologies.
"The vulnerability we uncovered represents a significant threat not to just one store, but to all of the retail brands that use the Magento platform for their online stores, which represents about 30 percent of the e-commerce market."
Check Point advised merchants to update their systems with the February fix immediately, but warned that a number of companies may still be running a weakened e-commerce platform.
"Administrators are advised to monitor their logs for patterns matching the technical description of the vulnerability," said Tal.
Tal added that a failure to do this could prove very damaging at a time of increased security risks and heightened consumer awareness about privacy and protection.
"Like any other platform or system, e-commerce software can have flaws, so those running the platforms and those running stores on those platforms should ensure that they keep systems fully updated with the latest patches to minimise the window of risk," he told V3.
"Online stores and commerce sites are increasingly being targeted by hackers because of the credit card and personal information they hold.
"There are several UK firms using Magento, and the flaw could affect any [that] don't apply the patches."
Brands using the platform, according to Magento's own website, include Mothercare, Gant and Rosetta Stone.
Retailers and point of sale terminals are becoming increasingly attractive targets for cyber crooks as they hold reams of useful financial information that can be sold on black markets.