Skip to main content

21.3 Million PrestaShop Customer Details for Sale on Dark Web

According to multiple reports, a threat actor is attempting to sell the stolen data of over 21.3 million PrestaShop users on a dark web forum. Potential buyers can already view a subset of the data for free before deciding whether to bid on the entire database.

The data obtained in the breach purportedly contains personally identifiable information (PII), such as full names, company names, addresses, phone numbers, VAT numbers, DNIs, and customer IDs in SQL schema format, as per SOCrader. The sellers themselves attribute the hack to another organization, and it’s not yet clear where exactly it came from.

Brinztech researchers previously reported on threat actors obtaining unauthorized access to 126 PrestaShop stores and selling this information online. However, it has not been confirmed whether the newly discovered data that’s up for sale originated from the same breach.

PrestaShop has also not commented on the matter thus far. However, the popular open-source e-commerce platform has been involved in numerous high-profile cybersecurity events in recent years. Some of these even involved highly sensitive payment details related to credit cards or digital gateways like PensoPay, Datatrans, PayPal, or Tap, risking widespread financial fraud.

Should this latest data fall into the wrong hands, it could be used by threat actors to launch unauthorized takeovers of online stores hosted on PrestaShop, steal funds from users, and even commit high-level fraud.

As Brinztech researchers put it, it’s “not a single company breach” but a “compromise of the foundational software used by thousands of independent online retailers.”

Store owners using PrestaShop are advised to immediately audit their installations for any signs of suspicious activity, apply the latest security patches, and force password resets for all their customers. Customers who have used stores hosted on PrestaShop should closely monitor their financial accounts for any unauthorized transactions.

It has not been a good month for online retail. Earlier in August, hackers claimed to have breached PayPal and to be in possession of 15.8 million user records, also up for sale. The ShinyHunters cybergang also continues to target multiple companies with sophisticated social engineering attacks.



See TessMore Internet Business Must-Reads
Labels:

Comments

Post a Comment

Popular posts from this blog

Only 1 in 10 NFT Owners Have Never Experienced a Scam

A new survey from PrivacyHQ reveals 90% or nine out of 10 respondents experienced an NFT scam. This level of uncertainty is cause for concern for a relatively new marketplace that is generating billions of dollars. Only 1 in 10 NFT Owners Have Never Experienced a Scam The PrivacyHQ survey spoke to 1,008 people in the U.S. who are actively investing in and own NFTs. And according to the report, there are some horror stories and great lessons to be learned. The key takeaways from the survey are: Less than half of NFT owners feel their NFTs are secure Two out of 3 respondents said they had panic-sold NFTs in the past Nine out of 10 respondents had experienced an NFT scam Half of the respondents had lost access to their NFTs at some point When it comes to NFT scams there were multiple ways in which buyers were scammed. Topping the list of the most common scams experienced by these respondents starts out with the NFT provider shutting down or changing their URL at 44.8%. Next is...
Post a Comment
Read more

Thousands Still Available in COVID Relief with These Small Business Grants

Building improvements can be a major expense for small businesses. And many had to make certain changes to navigate the past few years. Restaurants set up outdoor patios. Historic properties restored their storefronts. And offices added energy efficient features. Many businesses also have improvement projects planned for 2022. Luckily, many small business grant programs across the country make these projects more attainable, thus improving the customer experience and the community at large. Here are some current small business grant opportunities for building improvements, pandemic recovery, and more. Raleigh Building-Up Fit Grant Raleigh’s Small Business Development department is launching a new grant opportunity for local businesses. The Building-Up Fit Grant offers matching reimbursement funds up to $25,000 for eligible renovation projects. Businesses with 50 employees or less can apply for grants to cover projects that significantly improve the appearance and value of the pro...
Post a Comment
Read more

openSNP Shutters Over Privacy and Authoritarianism Concerns

OpenSNP, a long-running open-source genetic data platform, is shutting down after citing growing concerns over data privacy, the misuse of genetic information by law enforcement, and the rise of authoritarian governments. The decision comes as 23andMe, a major source of user-submitted genetic data for openSNP, faces bankruptcy and a potential selloff of user data . Founded in 2011, openSNP allowed users to upload genetic data from services like 23andMe to make it freely available for scientific research. Co-founder Bastian Greshake Tzovaras said the closure was triggered in part by the collapse of 23andMe and the broader political climate. Speaking to TechCrunch, he stated : “The risk/benefit calculus of providing free and open access to individual genetic data in 2025 is very different compared to 14 years ago.” The database has collected roughly 7,500 genomes and supported academic work across biomedical research, information security, and more. But its founder now questions the ...
Post a Comment
Read more