Magento 1.x to Reach EOL Tomorrow, and There Will Be no Extension

  • The end-of-support for Magento 1.x is tomorrow, and Adobe is not extending it any longer.
  • It’s been almost 12 years since the release of the first version of Magento, and five years since the arrival of its successor.
  • Actors are patiently waiting for the EOL before their launch attacks against 110,000 online shops.

The 1.x branch of the Magento e-commerce platform is about to reach the end-of-life (EOL), as Adobe hasn’t moved the date any further than tomorrow. The first time an EOL for Magento 1.x was announced, it was scheduled was back in November 2018. This was three full years after the release of version 2.0, so the open-source project felt that it was time to move on. Adobe acquired Magento in May 2018 and figured that there were still too many websites relying on the version that was about to be sunsetted. And so the EOL was extended to June 30, 2020, with the hope that webshop admins would hop to the 2.x branch by then.

This ample amount of time didn’t help much, though, as about 75% of all Magento stores are still running 1.x. This means that roughly 110,000 online stores are using software that will be considered obsolete and won’t get any more security updates. At this point, it would be practically impossible to set up a new store and migrate all data there quickly enough, as this should have been done months ago, if not even earlier. What these shops should do now is to act responsibly and pause their commercial activities until they have set up a secure platform.

The risks for these outdated stores and their visitors are obvious and involve hacking attacks that exploit known or unknown vulnerabilities. People who have been monitoring the dark web forums for Magento vulnerabilities report that actors have paused working on finding new ones until the EOL is officially reached. This will clear up the target lists and provide the necessary certainty for exploits’ effectiveness. Adobe released the last security updates for Magento Commerce and Magento Open Source 1.x on June 22, 2020, and warned that these were the final patches for these editions, but you never know. The affected versions mentioned there are Magento Commerce 1 version and earlier, and Magento Open Source 1 version and earlier.

So, what can we the users do then to protect ourselves from having our credit card details skimmed in these vulnerable sites? Unfortunately, there’s no a lot that you can do, and an upcoming wave of attacks against Magento 1.x platforms should be considered a fact now. Mastercard and Visa have also sent warnings to the owners of online stores that are still running the deprecated Magento version, but we reckon this won’t change much. In general, slow page loads, slow checkouts, and poor support for mobile platforms is an indication that you’re visiting a Magento 1.x site.


Recent Articles

What is Zero Trust Network Access (ZTNA) and Why Does it Matter?

Security is not something that's simply tacked on to an existing system. It's a fundamental aspect of that system's design. This is especially true...

How to Watch ‘CMA Best of Fest’ Live Online

We may not be able to attend concerts right now, but we can still enjoy some of our favorite music, especially when it comes...

5 Best VPN for Hong Kong in 2020 (Protect Yourself From The New National Security Law)

Without any doubt, Internet users in Hong Kong are in a very delicate situation right now. As you surely know, this previously independent territory...

How to Watch Quaker State 400 Online – Live Stream NASCAR Cup Series at Kentucky

We've got another NASCAR race on our hands, and the Quaker State 400 is just around the corner. We plan on watching the Quaker...

Seattle Police Booby-Trapped a File to Catch Ransomware Actor

An interesting method used by U.S. law enforcement authorities has been revealed. The FBI and the police use booby-trapped files that are...