[jupiter2]

> naming&shaming businesses who have effectively done nothing wrong.

Aren't they actively running malware as a result of their own laziness not to upgrade their Magento[1] Site?

This malware is being used to steal customer credit cards (at the very least) - perhaps identity theft as well. They are the very agents of 3rd-party hackers. This list[2] should be sent to the proper authorities and have the stores closed immediately.

Customers who have made purchases at these stores can and should be looking at lawsuits.

If you're going to run a 3rd-party solution for your ecommerce needs and patches have long been made available, you patch. If you can't even do this one simple thing - you get run off the internet for criminal negligence.

[1] https://magento.com/ [2] https://www.magereport.com/page/about