A serious security flaw has been uncovered in a popular Facebook module for the e-commerce platform PrestaShop, potentially exposing thousands of online shops and their customers to credit card theft. 

Background 

PrestaShop is an open-source e-commerce solution used by approximately 300,000 online stores worldwide. Many PrestaShop users enhance their stores’ functionality with additional modules, including the “Facebook” module (pkfacebook) developed by Promokit.eu. This module allows customers to log in using their Facebook accounts and enables other Facebook-related features. 

The Vulnerability 

Security researchers have identified a critical vulnerability (CVE-2024-36680) in the pkfacebook module. The flaw is an SQL injection: user-supplied input reaches a database query without adequate validation or escaping, so an attacker can read from, and potentially write to, the shop’s database. It sits in the module’s facebookConnect.php Ajax script and can be triggered with a single crafted HTTP request. 

Key points: 

  1. The vulnerability has a CVSS score of 9.9 (critical). 
  2. All versions of the pkfacebook module are potentially affected. 
  3. Active exploitation of this vulnerability has been observed in the wild. 

Exploitation and Consequences 

Cyber criminals are actively exploiting this vulnerability to deploy web skimmers (malicious JavaScript injected into the shop’s pages) on affected e-commerce sites. These skimmers capture credit card details as customers type them into the checkout form and send them to attacker-controlled servers. 

The potential impact includes: 

  • Theft of customers’ credit card details 
  • Unauthorised access to shop databases 
  • Potential modification of site content or settings 
  • Compromise of administrative privileges 

Mitigation Steps for Shop Owners 

If you operate a PrestaShop-based online store using the pkfacebook module, consider taking the following actions: 

  1. Update the pkfacebook module to the latest version immediately. 
  2. Upgrade PrestaShop to the latest version to benefit from additional security enhancements. 
  3. Use pSQL() consistently on every string that goes into a query, and cast numeric parameters with (int). Besides escaping for SQL, pSQL() strips HTML tags unless explicitly told otherwise, which also limits stored XSS. 
  4. Change the default database prefix (ps_) to a longer, arbitrary prefix. This only trips up unsophisticated automated attacks: an attacker with a working injection can read the real table names from information_schema. 
  5. Enable the OWASP Core Rule Set’s 942 (SQL injection) rules on your Web Application Firewall (WAF), expecting some false positives on back-office requests that you will need to exclude. 
  6. Regularly monitor your site for any suspicious activity or unauthorised changes. 
  7. If you cannot update immediately, disable the pkfacebook module (or block requests to its facebookConnect.php script at the web server) until you can. 
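The pattern behind this class of bug, and the pSQL()/cast discipline from step 3, as an added illustration that is not code from the pkfacebook module or from the advisory. The handler, its parameter names (fb_email, id_lang) and the stand-in pSQL() are hypothetical; the real core function lives in PrestaShop’s config/alias.php and delegates to Db::escape(), which the stand-in only approximates.

```php
<?php
// Added example, not code from the pkfacebook module. A hypothetical Ajax
// handler that looks a customer up by the e-mail address returned from
// Facebook; parameter names (fb_email, id_lang) are illustrative only.

// Stand-ins so the file runs outside PrestaShop. In a shop, _DB_PREFIX_
// comes from config/settings.inc.php and pSQL() from config/alias.php.
if (!defined('_DB_PREFIX_')) {
    define('_DB_PREFIX_', 'ps_');
}
if (!function_exists('pSQL')) {
    // Approximates core behaviour: escape quotes and backslashes for MySQL
    // and, unless $htmlOK is true, strip HTML tags (hence the stored-XSS
    // side benefit mentioned in the mitigation list).
    function pSQL($string, $htmlOK = false)
    {
        $string = addslashes((string) $string);
        return $htmlOK ? $string : strip_tags($string);
    }
}

// VULNERABLE pattern: request values concatenated straight into the query.
function buildLookupVulnerable(array $request)
{
    $email  = isset($request['fb_email']) ? $request['fb_email'] : '';
    $idLang = isset($request['id_lang']) ? $request['id_lang'] : '1';
    return 'SELECT id_customer FROM `' . _DB_PREFIX_ . 'customer` '
        . "WHERE email = '" . $email . "' AND id_lang = " . $idLang;
}

// HARDENED pattern: validate, cast numerics, escape strings with pSQL().
function buildLookupHardened(array $request)
{
    $email = isset($request['fb_email']) ? (string) $request['fb_email'] : '';
    // Reject anything that is not an e-mail before it reaches SQL. In a
    // module you would call Validate::isEmail(); filter_var stands in here.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('fb_email is not a valid address');
    }
    // Integers are cast, not escaped: (int) '1 OR 1=1' is simply 1.
    $idLang = isset($request['id_lang']) ? (int) $request['id_lang'] : 1;
    return 'SELECT id_customer FROM `' . _DB_PREFIX_ . 'customer` '
        . "WHERE email = '" . pSQL($email) . "' AND id_lang = " . $idLang;
}

// Constructed request: a tautology in the string parameter and an
// injected expression in the numeric one.
$malicious = ['fb_email' => "x' OR '1'='1", 'id_lang' => '1 OR 1=1'];

echo 'vulnerable: ', buildLookupVulnerable($malicious), PHP_EOL;
try {
    echo 'hardened:   ', buildLookupHardened($malicious), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'hardened:   rejected (', $e->getMessage(), ')', PHP_EOL;
}

// A well-formed address passes validation, and pSQL() still escapes the
// apostrophe, so the two controls back each other up.
$legit = ['fb_email' => "o'brien@example.com", 'id_lang' => '2'];
echo 'hardened:   ', buildLookupHardened($legit), PHP_EOL;
```

Run it with `php example.php`. The vulnerable builder emits a WHERE clause whose logic the attacker now controls; the hardened one rejects the payload outright, and even for accepted input the apostrophe arrives escaped. Validation and escaping are both kept on purpose: if the e-mail check were later relaxed, pSQL() would still prevent the quote from breaking out of the literal.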
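A minimal detection pass over access logs, illustrating steps 5 and 6 (the 942 rule group and monitoring) together with the back-office false-positive caveat. This is an added example, not code from the page, the module or the OWASP CRS: the two regexes are a simplified stand-in for the 942 rules, the log lines are constructed, and the query parameter name email and the admin folder admin123 are hypothetical.

```php
<?php
// Added example, not code from the page, the module or the OWASP CRS.
// Flags SQL-injection-looking query strings in Apache combined-format
// access logs and shows why scoping the rule to the module's Ajax script
// avoids false positives on back-office traffic. The parameter name
// "email" and the admin folder "admin123" are hypothetical; the log
// lines below are constructed for this example.

const LOG_LINES = [
    '203.0.113.10 - - [10/Jun/2024:12:01:22 +0000] "GET /modules/pkfacebook/facebookConnect.php?email=%27%20OR%201%3D1--%20- HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '198.51.100.7 - - [10/Jun/2024:12:02:05 +0000] "GET /modules/pkfacebook/facebookConnect.php?email=jane%40example.com HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jun/2024:12:03:41 +0000] "GET /admin123/index.php?controller=AdminCmsContent&filter=select%20a%20size HTTP/1.1" 200 9100 "-" "Mozilla/5.0"',
];

// Two simplified checks standing in for the CRS 942 group: a narrow one for
// quote-plus-boolean or comment terminators, and a broad keyword one of the
// kind that misfires on ordinary back-office text.
const SQLI_RULES = [
    'quote_boolean_or_comment' => '/(\'|")\s*(or|and)\b.*=|--\s|\/\*|#\s*$/i',
    'broad_keyword'            => '/\b(select|union|insert|update|delete|sleep|benchmark)\b/i',
];

const MODULE_SCRIPT = '/modules/pkfacebook/facebookConnect.php';

// Parse one combined-format line into ip, time, method, path and decoded
// query parameters; returns null for lines that do not match the format.
function parseLine($line)
{
    if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3})/', $line, $m)) {
        return null;
    }
    $params = [];
    parse_str((string) parse_url($m[4], PHP_URL_QUERY), $params);
    return [
        'ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
        'path' => (string) parse_url($m[4], PHP_URL_PATH),
        'params' => $params, 'status' => (int) $m[5],
    ];
}

// Run the rules over each parameter value. With $scopeToModule set, only
// requests to the vulnerable script are inspected (the equivalent of a
// WAF exclusion for the back-office).
function scanLine($line, $scopeToModule)
{
    $req = parseLine($line);
    if ($req === null) {
        return null;
    }
    $hits = [];
    if (!$scopeToModule || substr($req['path'], -strlen(MODULE_SCRIPT)) === MODULE_SCRIPT) {
        foreach ($req['params'] as $name => $value) {
            $value = is_array($value) ? implode(' ', $value) : (string) $value;
            foreach (SQLI_RULES as $rule => $regex) {
                if (preg_match($regex, $value)) {
                    $hits[] = $rule . ' on ' . $name;
                }
            }
        }
    }
    return ['ip' => $req['ip'], 'time' => $req['time'], 'path' => $req['path'], 'hits' => $hits];
}

foreach ([false, true] as $scoped) {
    echo $scoped ? '-- scoped to facebookConnect.php --' : '-- unscoped: every request inspected --', PHP_EOL;
    foreach (LOG_LINES as $line) {
        $r = scanLine($line, $scoped);
        if ($r === null) {
            continue;
        }
        printf("%-14s %-42s %s%s", $r['ip'], $r['path'], $r['hits'] ? 'FLAG: ' . implode(', ', $r['hits']) : 'ok', PHP_EOL);
    }
}
```

In the unscoped pass the first line is flagged by the narrow rule and the third, an ordinary back-office search containing the word "select", is flagged by the broad one; that third hit is the kind of conflict step 5 warns about. Scoping the inspection to the vulnerable script keeps the real hit and drops the false positive, which is also how you would phrase a WAF exclusion for the admin directory.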

Advice for Consumers 

While the primary responsibility for addressing this vulnerability lies with online shop owners, consumers can take steps to protect themselves: 

  • Be vigilant when making online purchases, especially on smaller or less familiar e-commerce sites. 
  • Use virtual credit cards or payment services that generate one-time use numbers when possible. 
  • Regularly monitor your credit card statements for any unauthorised transactions. 
  • Use a reputable password manager to generate and store a unique password for each online account (one password per site), so that a breach at one shop does not expose your other accounts. 

If You Suspect You’re a Victim 

If you believe your credit card information may have been compromised: 

  1. Contact your bank or credit card issuer immediately to report potential fraud. 
  2. Request a new card with a different number. 
  3. Review your recent transactions and report any unauthorised charges. 
  4. Consider placing a fraud alert on your credit reports. 

Conclusion 

The discovery of this critical vulnerability in a widely used PrestaShop module underscores the ongoing challenges in e-commerce security. Shop owners must remain vigilant: as with any other computer system or network, they need to keep the platform and its modules up to date and maintain robust security measures. Consumers, while not responsible for these vulnerabilities, should stay aware and take precautions to protect their financial information when shopping online.