TL;DR - you might have malware on your site. Run your site through magereport.com for a quick check.
How could this have happened?
It can happen if you were slow to install patches, have insecure passwords, or have otherwise been compromised (e.g. by logging in to your admin console via an insecure path on a shared network).
How to check if I'm affected?
Open your main website homepage in a browser, 'view source', and do a case-insensitive 'find' for eval or regexp. If you find something, double-check whether it matches this shit-list:
Log into admin and check your list of admin user accounts. Disable or delete any that are old or unused. Check that everyone has a decent password (8 characters, with numbers, special characters, and small/large-caps letters).
Check, in your admin, for any dodgy code in these sections:
- Configuration->General->Design->HTML Head->Miscellaneous Scripts
- Configuration->General->Design->Footer->Miscellaneous HTML
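The 'view source' search described above can also be scripted. The following is an added example, not code from the original post: it applies the same case-insensitive eval/regexp search to the JavaScript in a page's source (inline script bodies and on* handler attributes) and lists externally loaded scripts for manual review. The same function can be run over text copied out of the two admin fields listed above. The names `scan`, `ScriptCollector` and `SAMPLE` are hypothetical, and the sample page is constructed.

```python
import re
from html.parser import HTMLParser

# Keywords from the post; whole words only, so "retrieval" is not a hit (added refinement).
SUSPECT = re.compile(r"\b(eval|regexp)\b", re.IGNORECASE)

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.chunks = []      # [line, javascript text] pairs
        self.external = []    # (line, src) of scripts loaded from elsewhere

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            if name.startswith("on") and value:   # onload=, onclick=, ...
                self.chunks.append([line, value])
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append((line, src))
            self.in_script = True
            self.chunks.append([line, ""])
    def handle_data(self, data):
        if self.in_script:
            self.chunks[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

def scan(html):
    """Return ([(line, keyword, excerpt)], [(line, src)]) for a page's source."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    hits = []
    for line, text in parser.chunks:
        for m in SUSPECT.finditer(text):
            excerpt = text[max(m.start() - 20, 0):m.end() + 20].strip()
            hits.append((line, m.group(1).lower(), excerpt))
    return hits, parser.external

# Constructed sample page source, not taken from a real site.
SAMPLE = """<html><head>
<script src="/js/prototype.js"></script>
<script>var retrieval = 1;</script>
<script>var p = new RegExp('checkout'); window["eval"](s);</script>
</head><body onload="eval(y)"></body></html>"""
```

A hit is only a pointer to code worth reading, since legitimate scripts use these keywords too.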
Check for these files, both on your server and in your server access log files:
If you find any, then this is pretty serious, as you have been hacked to a degree where credit card details could have been transmitted.
What to do if I am affected?
Track down the source of that bad code. You could start by:
- changing all passwords
- backing up the site then
- reinstalling the same clean version over the top
I take this as a sign of a good ecosystem - we're getting warnings, fast, about security issues. You might be tempted to think that Magento must be insecure but I look at it as a sign of a healthy community with a lot of people checking for issues, and there to help when things go sour.
Test your site now, it only takes 30 seconds using the tool linked at the top.