Hackers have hit more than 4,151 online retailers during Black Friday and Cyber Monday sales, stealing payment information and other personal information from customers, the National Cyber Security Centre in the UK said on Monday.

It notified 4,151 small business sites whose customers’ payment details were being stolen.

“We want small and medium-sized online retailers to know how to prevent their sites from being exploited by opportunistic cybercriminals over the peak shopping period,” said Sarah Lyons, deputy director for economy and society at the NCSC.

“Falling victim to cybercrime could leave you and your customers out of pocket and cause reputational damage,” Lyons said in a statement.

The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular eCommerce platform.

“Retailers are urged to ensure that Magento – and any other software they use – is up to date. The NCSC’s website has guidance on running a secure website, including moving businesses from the physical to the digital,” the UK watchdog said.

The compromised shopping websites were identified by the NCSC’s Active Cyber Defence program, which seeks to remove malicious websites and scams from the internet before they harm the public.

One of the key things that online retailers can do to help prevent payments and personal data from being stolen is to apply the available security patches that stop cybercriminals from being able to exploit known vulnerabilities in Magento and any other software they use, the UK watchdog added.

Sign up for Newsletters

Subscribe to our newsletter and never miss an update on the latest tech, gaming, startup, how to guide, deals and more.