Magento supply chain attack compromises hundreds of e-stores. A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. Sansec researchers who discovered the attack report that some extensions were backdoored as far back as 2019, but the malicious code was only activated in April 2025. “Multiple vendors were hacked in a coordinated supply chain attack, Sansec found 21 applications with the same backdoor,” explains Sansec. Third-party company: Tigren, Meetanshi and MGS.