Sansec logo

Extortion of Magento merchants


by Sansec Forensics Team

Published in Threat Research − November 07, 2022

Sansec has received reports of criminals trying to extort Magento merchants with the message below. As long as the sender does not produce evidence, they almost certainly did not steal your sensitive data. Ignoring them is best.

Extortion of Magento merchants

Related: many stores are occassionally contacted by "security researchers" who claim to have found a vulnerability and want a "bounty" to disclose it. In 99% of these cases, the found issue is harmless. But it is best to ask them for details. If you are uncertain, contact us and we will assess their report for you.

Extortion message to merchants

Subject: Your Site Has Been Compromised

Your Site Has Been HackedY0ur Site Has Been Hacked


We have hacked y0ur website and extracted your databases.

H0w did this happen?

0ur team has f0und a vulnerability within y0ur site that we were able t0 expl0it. After finding the vulnerability we were able t0 get your database credentials and extract your entire database and move the information t0 an offsh0re server.

What does this mean?

We will systematically g0 through a series 0f steps of t0tally damaging y0ur reputation. First y0ur database will be leaked or s0ld to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails f0und they will be e-mailed that their inf0rmati0n has been s0ld 0r leaked and your site https://your-store was at fault thusly damaging y0ur reputati0n and having angry customers/associates with whatever angry cust0mers/associates d0. Lastly any links that y0u have indexed in the search engines will be de-indexed based 0ff of blackhat techniques that we used in the past t0 de-index our targets.

How d0 i stop this?

We are willing t0 refrain from destroying your site’s reputation for a small fee. The current fee is $3000 in bitcoins (0.15 BTC).

Please send the bitcoin to the foll0wing Bitcoin address (Copy and paste as it is case sensitive):


once y0u have paid we will automatically get inf0rmed that it was your payment. Please note that y0u have to make payment within 3 days after 0pening this e-mail or the database leak, e-mails dispatched, and de-index of your site WiLL start!

H0w do i get Bitcoins?

Y0u can easily buy bitcoins via several websites or even offline fr0m a Bitcoin-ATM.

What if i d0n’t pay?

if y0u decide not to pay, we will start the attack at the indicated date and uph0ld it until y0u d0, there’s n0 c0unter measure to this, you will only end up wasting more m0ney trying t0 find a s0lution. We will completely destr0y your reputati0n amongst go0gle and y0ur cust0mers.

This is n0t a h0ax, do not reply to this email, d0n’t try t0 reas0n 0r negotiate, we will n0t read any replies. 0nce y0u have paid we will st0p what we were doing and y0u will never hear from us again!

Please note that Bitcoin is an0nymous and no 0ne will find 0ut that you have complied. Finally d0n't reply as this email is unmonitored.

Read more

Scan your store now
for malware & vulnerabilities

$ curl | sh

eComscan is the most thorough security scanner for Magento, Adobe Commerce, Shopware, WooCommerce and many more.

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security

Terms & Conditions
Privacy & Cookie Policy
Company Reg 77165187
Tax NL860920306B01