Magento is a popular web e-commerce platform. In February 2015 Magento released an update, SUPEE-5344, that fixed a critical security vulnerability. This vulnerability allows remote attackers to insert a Magento web administrator in the database and execute arbitrary code.
According to Byte.NL, there are still a high number of Magento webshops that have not yet been patched. Attack code is available and is currently being used by attackers to exploit the vulnerability.
The vulnerability can be abused by anyone on the internet. The attacker does not need to have an account in your Magento web shop. The attacker becomes the administrator of your e-commerce platform and can read and change the stored personal customer data, including potentially stored credit card data. Basically, the attacker can do whatever he wants with your e-commerce platform.
This can result in a privacy breach (disclosure of personal user data) and financial fraud. It can also make your e-commerce platform unavailable.
Because of the availability of the attack code, if you have not yet patched, your site is likely to be compromised soon.
You can verify online whether your site is still vulnerable via the Byte.NL check: https://shoplift.byte.nl/
Note: the information from Byte.NL is reliable, but we have no insight into what is actually checked.
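Because the vulnerability lets an attacker insert an administrator into the database, reviewing the administrator accounts is a useful complement to the online check on any shop that was exposed while unpatched. The query below is an added example, not part of the original advisory; it assumes a Magento 1 MySQL database with the default table names admin_user and admin_role (no table prefix), and the cutoff date is a placeholder to adjust.

```sql
-- Added example: list Magento 1 administrator accounts with their role,
-- newest first, and flag those created on or after a review cutoff.
-- Assumptions: default table names (no prefix); the cutoff is a placeholder.
SET @cutoff = '2015-02-01 00:00:00';  -- placeholder: start of the period to review

SELECT
    au.user_id,
    au.username,
    au.email,
    au.is_active,
    au.created,
    au.logdate   AS last_login,
    pr.role_name AS role,
    CASE
        -- A missing creation date is also worth a look: a row written
        -- directly into the table may not carry one.
        WHEN au.created IS NULL OR au.created >= @cutoff THEN 'REVIEW'
        ELSE ''
    END          AS flag
FROM admin_user AS au
LEFT JOIN admin_role AS ur   -- per-user role row
       ON ur.user_id = au.user_id
      AND ur.role_type = 'U'
LEFT JOIN admin_role AS pr   -- parent group row that holds the role name
       ON pr.role_id = ur.parent_id
      AND pr.role_type = 'G'
ORDER BY au.created DESC;
```

The flag only narrows the review: the creation date of an inserted row can hold any value, so every account you do not recognize deserves attention, whatever its date.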
You should contact your hoster for any configuration questions or help.
You can contact CERT.be via cert [at] cert [dot] be for additional questions.
CERT.be has a web server security best practice guide that applies to all websites, not necessarily limited to e-commerce platforms.