Unauthorized administrator accounts

When attackers gain unauthorized access to a store, they often add extra accounts to the store control panel. These accounts have legitimate sounding names like "backup" and "system" but are under full control of a third party.

General approach: go through your list of admin accounts, and purge (not disable) any that you do not recognize.

See also our collection of previously detected malicious admin accounts

As extra safety measure, we recommend to implement an IP filter on the control panel of your store, so that it only allows office and staff IPs.