In May 2025, security researchers disclosed that three Magento extension vendors — Tigren, Meetanshi, and MGS (Mageplaza) — had their extension distribution servers compromised. Attackers injected malicious code into extension packages that were then downloaded and installed by e-commerce stores. The trojanized extensions installed a backdoor that exfiltrated customer data including payment card details and login credentials. Approximately 500-1,000 e-commerce stores were estimated to have installed compromised extensions. Affected store customers had their payment card data silently harvested (a Magecart-style attack delivered via the supply chain rather than direct injection). The three vendors, popular across small and mid-sized Magento-based online stores globally, removed the compromised packages after disclosure.