Facebook e-commerce plugin used by thousands of stores has been hacked to steal credit card information
A Facebook plugin built for a leading e-commerce platform is said to be vulnerable in a way that could allow threat actors to steal people’s credit card information, and ultimately money.
Security researchers at Friends-of-Presta have warned about a SQL injection vulnerability in pkfacebook, claiming they have observed the flaw being exploited in the wild.
Pkfacebook is a plugin for PrestaShop, an open source e-commerce platform that allows individuals and businesses to create and manage their online stores. This plugin allows people to register and log in to their accounts, use Facebook, leave feedback on purchased items, and communicate with customer support.
Assume that everyone is vulnerable
Friends-of-Presta is a community of developers, integrators, agencies and software publishers. According to their findings, as well as those of cybersecurity researchers TouchWeb, the SQL injection flaw is being tracked as CVE-2024-36680. It is abused by malicious actors to install credit card skimmers on vulnerable websites, allowing them to steal valuable payment information.
Promokit, the company that develops and maintains the Facebook plugin, says it fixed it “a long time ago,” but as BleepingComputer findings, provided no evidence for their claims. Currently, around 300,000 online stores use PrestaShop, but it is impossible to determine how many are currently vulnerable.
Friends-Of-Presta believes that all users should consider themselves vulnerable and do the following:
Update pkfacebook, make sure they use pSQL to avoid Stored
Breaking into vulnerable e-commerce sites to steal people’s credit card information is a popular form of cybercrime. At its peak, MageCart was by far the most popular and disruptive credit card-stealing cybercrime group. Although the group has successfully kept a low profile recently, in May 2023, security researchers at Malwarebytes discovered activity that could be linked to the group.