In the days around 14 September 2020, an unknown group of hackers tried to hack into almost 3000 Magento stores. According to the experts at Sansec, this is by far the largest attack on Magento stores identified. Most of the affected stores were running the end-of-life (EOL) version, Magento 1.X.
Sansec researchers have named this mass cyber-attack CardBleed to differentiate it from other such campaigns. The previous attack was recorded on 962 Magento stores in July 2020. Since then, web security experts had found no new vulnerability for Magento 1.X, which was uncharacteristic because this version had many security loopholes. This led experts to believe that the attackers were intentionally waiting for the EOL of Magento 1.X.
The experts' belief proved right: the hackers made sure that those old stores would no longer be patched by Adobe, and only then injected malicious code to steal data from almost 3000 stores (3% of Magento 1 installs).
There are still 95000+ Magento 1.X stores at risk. If yours is one of them, read more here to find out how to save your Magento store from such attacks.