Is Magento 1.9 the Biggest Risk to Your Business Right Now?

Keeping your website and customers safe should be a top priority, but with the news that Magento 1.9 has been hacked and customer data sold off to third parties, is your website less secure than you think?

Kevin Taylor

In September, well over 2000 Magento 1 stores were hacked with malicious code called CardBleed. CardBleed was an automated Magecart campaign that intercepted customers’ payment information. E-commerce security software company Sansec discovered 1058 security breaches on 12th September alone. According to them, it was the largest documented hack to date and appeared to specifically target stores running Magento 1, which went end-of-life earlier this year.

What is so alarming is that most retailers had no idea it was taking place until it was too late! Once the hackers got a hold of the sensitive information, the damage was done and there was no end to their activity, including:

  • Selling customer data like credit card information on the black market
  • Exploiting security vulnerabilities of the retailer
  • Sending a variety of cyber-attacks like phishing to customer email addresses

This shouldn’t come as a surprise: it’s now over 2 years since Magento first announced that support for Magento 1.9 would stop in June 2020, and many businesses have yet to upgrade. Believe it or not, there are still over 62,000 websites running on Magento 1.9, and this latest security breach shows just how serious the implications are for those unwilling to do anything about it.

In their original press release, Magento recognised that merchants needed time to transition from Magento 1.9 and laid out various options but that time has long gone. The risks of staying on Magento 1.9 are now high and will only get worse as time goes on.

The Dangers of Staying with v1.9


So, what happens if you choose to stay on Magento 1.9?

Security risks: As illustrated above, stores running on Magento 1.9 carry significant security risks. Since Magento is no longer patching security issues that come up, hackers are targeting susceptible stores that have yet to upgrade to a newer version of Magento. These risks are real and should not be ignored.

Functionality issues: The vast majority of Magento stores rely on a variety of plug-ins and extensions for their functionality. These will now also be out of date and your customers might start seeing issues with your site, affecting performance, reducing conversions and ultimately revenue. On top of that, you’ll start seeing payment options pulled back from the likes of Visa and PayPal, as stores running Magento 1.9 are no longer PCI compliant.

What Are Your Options?

So, what are your options?

A potential £50,000 fine from the ICO makes migrating to Magento 2 or Shopify seem like a cost-effective option, but whatever you do needs to be done quickly. It’s unlikely that the ICO will cut businesses any slack during the pandemic, so customer data and security aren’t nice-to-haves. They are fundamental to e-commerce and taken very seriously by the ICO.

Here are just a couple of options open to you.

Magento 2: A good chunk of our client base choose to transition to Magento 2. Choosing Magento 2 has several advantages. It is similar to 1.9, but has improved performance, a streamlined checkout process and a better admin interface, and it’s mobile friendly. Well-built stores that run on Magento 2 are also generally 20% faster, have a variety of new features and plugins and also have an extensive support system available from Magento.

Shopify: Although Magento 2 is a viable option for businesses, Shopify has several strategic benefits when migrating from Magento 1.9. First, Magento 2 is generally far more expensive than migrating to Shopify. Shopify is a SaaS product and you pay based on your usage of Shopify. It’s very simple to use and has many of the same features as running your store on Magento 2. It’s ideal for the smaller business and takes away the headache of running a Magento store.

Of course, there are other options available, including WooCommerce, BigCommerce and OpenCart, but we’ll cover those another time!

Right now, you need to be doing something and an initial consultation with Gravytrain is a great place to start. Our extensive two decades of experience will help you make the right choice independent of e-commerce platform.

