A major supply-chain hack has compromised hundreds of e-commerce websites, exposing customer payment data in an attack that’s still active. The breach was first uncovered by security firm Sansec in April 2025. At least 500 sites have been confirmed as affected, though researchers say the true number could be twice as high.
Attackers gained access by compromising plugins developed for Adobe Commerce (previously known as Magento). The affected vendors include Tigren, Magesolution (MGS), and Meetanshi, which are well-known developers in the Magento ecosystem. Hackers embedded a backdoor into 21 different extensions, giving them the ability to execute PHP code directly on merchants’ servers.
Once the infected extensions were installed, the attackers silently injected JavaScript-based skimmers into the checkout pages of online stores. These scripts harvested payment data from customers’ browsers in real time, allowing card details to be stolen during purchases.
What makes this breach especially dangerous is how long it went unnoticed. The malicious code had been lying dormant for six years before it activated. It was engineered to trigger only under specific conditions, which helped it avoid detection and spread quietly across hundreds of websites.
The fallout is still unfolding. One of the compromised organizations is a multinational company worth an estimated $40 billion, though it hasn’t been named publicly. Sansec says many sites remain infected, and some vendors are still distributing the compromised code. Meetanshi has acknowledged being hacked but denies altering its software. Tigren and Magesolution have not responded.
Store owners and developers can check for signs of compromise by scanning their code for a suspicious function: adminLoadLicense($licenseFile). This function executes a file as PHP code and is a key indicator of the backdoor.
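One way to run that check across a store's codebase, as an added example that is not code from Sansec or from the original article: a Python scanner that reports every definition or call of adminLoadLicense in PHP files and lists the directories that contain them. Only the function name comes from the article; the file suffixes and the case-insensitive match (PHP function names are case-insensitive) are assumptions of this example.

```python
import os
import re
import sys

# Indicator named in the article; only the function name is matched.
# PHP function names are case-insensitive, so the match is too.
INDICATOR = re.compile(rb"\badminLoadLicense\s*\(", re.IGNORECASE)
DEFINITION = re.compile(rb"\bfunction\s+adminLoadLicense\s*\(", re.IGNORECASE)
PHP_SUFFIXES = (".php", ".phtml", ".inc")  # assumption: suffixes worth scanning


def scan_tree(root):
    """Return a sorted list of (path, line_number, kind, text) hits under root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata only
        for name in filenames:
            if not name.lower().endswith(PHP_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    lines = fh.read().splitlines()
            except OSError:
                print(f"warning: cannot read {path}", file=sys.stderr)
                continue
            for number, line in enumerate(lines, start=1):
                if INDICATOR.search(line):
                    kind = "definition" if DEFINITION.search(line) else "call"
                    text = line.strip().decode("utf-8", "replace")
                    hits.append((path, number, kind, text))
    return sorted(hits)


def affected_dirs(hits):
    """Directories containing a hit, so the owning extension can be identified."""
    return sorted({os.path.dirname(path) for path, _, _, _ in hits})


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    found = scan_tree(root)
    for path, number, kind, text in found:
        print(f"{path}:{number}: [{kind}] {text}")
    for directory in affected_dirs(found):
        print(f"review extension in: {directory}")
    sys.exit(1 if found else 0)
```

Run it against the store's root directory; the non-zero exit status on any hit lets it gate a deployment job. A hit marks an extension to review and compare against a known-good copy.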
The breach highlights the fragile nature of modern e-commerce infrastructure, especially when third-party code is involved. Weak links in the supply chain can give attackers access to hundreds of targets at once—and in this case, payment data was the prize.
Why It Matters for Merchants
A breach like this doesn’t just expose customer data. It leads to chargebacks, fraud claims, and reputational damage, sometimes weeks after the initial attack. If you're using third-party plugins or extensions, especially on platforms like Magento, you may be more vulnerable than you think.
Chargeblast helps merchants detect dispute trends early and respond to chargebacks fast. While we don’t prevent hacks, we do help minimize the financial fallout when compromised data leads to fraudulent disputes.