We have identified a PrestaShop vulnerability that affected around 200 shops worldwide.
We advise you to take action, by ensuring your business against it.
In the last few months, we saw a significantly higher rate of hacked Prestashops even though the system is well known for the security that offers. If in the past 10 years we had only a few cases (3-4) of hacked shops in the Prestashop field, in the last 4 months we had over 10 requests either to analyze or fix the hacked store.
The hackers altered the checkout page and replaced the standard credit card form with their own one.
The following examples show the various issues this could have caused:
- Theft of personal information: while credit card information is the main objective of these assaults, thieves can also steal personal information. Millions of consumers could potentially be impacted by this.
- Revenue loss: Online sales for a small- to medium-sized eCommerce retailer that was previously violated by these attacks may decline significantly. Customers might stop trusting the retailer's capacity to stop future breaches as a result.
- Additional infection: If a hacker group steals administrator and user login information, they may be able to extend the attack and infect more websites. For instance, a hacker group can compromise not just the primary site but also the secondary sites of a brand.
- Legal damages: A hacker attack exposes a business to customer lawsuits, legal consequences if the business is subject to legislation like GDPR, and industry penalties like a PCI DSS audit and the inability to take credit cards.
What can be done?
- Run a thorough check of the shop files for intrusion and identify any unwanted modifications
- The execution of the compromised files can be prevented by deploying Imunify on the server.
- We used Clarity Module Pro extensively to locate the problems and determine whether or not card information had been compromised.
- Enabling double authentication for the admin panel would be recommended.
The above-mentioned options have a one-time fee of 200 EUR and a monthly cost of 15 EUR.
Preventing a problem is always preferable to treating it. We strongly advise taking the above-mentioned precautions to keep your store secure.