Facebook Plugin Hacked to Steal Credit Card Data
Introduction
A Facebook plugin built for a top ecommerce platform is reported to be vulnerable, allowing threat actors to steal credit card information and money. Security researchers from Friends-of-Presta have identified an SQL injection vulnerability in the pkfacebook plugin, which is actively being exploited.
Background
Pkfacebook is a plugin for PrestaShop, an open-source ecommerce platform that helps individuals and businesses create and manage online stores. The plugin allows users to register accounts, log in using Facebook, leave feedback on purchased items, and communicate with customer support.
The Vulnerability
Friends-of-Presta, a community of developers, integrators, agencies, and software publishers, alongside cybersecurity researchers from TouchWeb, have discovered the SQL injection flaw tracked as CVE-2024-36680. This flaw enables malicious actors to install credit card skimmers on vulnerable websites, facilitating the theft of valuable payment information.
Promokit, the developer and maintainer of the Facebook plugin, claims to have fixed the vulnerability long ago. However, no proof has been provided to support this claim. Currently, approximately 300,000 online stores use PrestaShop, but it is unclear how many remain vulnerable.
Recommendations
Friends-of-Presta advises all users to assume they are vulnerable and take the following actions:
- Update pkfacebook to the latest version.
- Use pSQL, PrestaShop's input-escaping helper, to avoid stored XSS flaws.
- Modify the default “ps_” prefix to a longer, arbitrary one.
- Activate the OWASP Core Rule Set's 942 (SQL injection) rules on the Web Application Firewall.
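The first three recommendations address one underlying pattern, so the following added illustration (written for this page; it is not pkfacebook's or Promokit's code and does not reproduce the reported flaw) shows the generic PrestaShop query style they target: a lookup with request values spliced into SQL text, beside the same lookup using pSQL, integer casting, validation and `_DB_PREFIX_`. It assumes the PrestaShop runtime (`Db`, `Tools`, `Validate`, `pSQL()`, `_DB_PREFIX_`) is loaded; the class name, method names and the module table `<prefix>fb_account` with its `fb_uid` column are hypothetical placeholders.

```php
<?php
// Added example, not pkfacebook's code. Assumes the PrestaShop runtime is loaded
// and a HYPOTHETICAL module table <prefix>fb_account(id_customer, fb_uid) that
// maps Facebook user ids to shop customers.

class FbAccountLookup
{
    // VULNERABLE pattern: request values are spliced straight into the SQL text.
    // Whatever the client sends as 'fb_uid' or 'email' becomes part of the query,
    // so a crafted value can change what the query means, not just what it matches.
    public function findUnsafe(): array
    {
        $fbUid = Tools::getValue('fb_uid');   // raw, client-controlled
        $email = Tools::getValue('email');    // raw, client-controlled

        $sql = 'SELECT a.id_customer, c.email '
             . 'FROM `' . _DB_PREFIX_ . 'fb_account` a '
             . 'JOIN `' . _DB_PREFIX_ . 'customer` c ON c.id_customer = a.id_customer '
             . "WHERE a.fb_uid = '" . $fbUid . "' AND c.email = '" . $email . "'";

        return Db::getInstance()->executeS($sql) ?: [];
    }

    // HARDENED pattern, following the advisory:
    //  - string values pass through pSQL(), PrestaShop's escaper, so quotes in the
    //    input stay data; with its default second argument (false) it also strips
    //    HTML tags, which is why the advisory cites it against stored XSS too;
    //  - the email is validated before it is used at all;
    //  - values that must be numeric are cast with (int) rather than escaped,
    //    because pSQL() only protects values inside SQL string quotes;
    //  - table names are built from _DB_PREFIX_, so the module keeps working
    //    after the default "ps_" prefix is changed to an arbitrary one.
    public function findSafe(): array
    {
        $email = Tools::getValue('email');
        if (!Validate::isEmail($email)) {
            return [];                      // reject malformed input outright
        }
        $email = pSQL($email);
        $fbUid = pSQL(Tools::getValue('fb_uid'));
        $limit = (int) Tools::getValue('limit', 1);   // numeric context: cast, not escape
        if ($limit < 1 || $limit > 10) {
            $limit = 1;
        }

        $sql = 'SELECT a.id_customer, c.email '
             . 'FROM `' . _DB_PREFIX_ . 'fb_account` a '
             . 'JOIN `' . _DB_PREFIX_ . 'customer` c ON c.id_customer = a.id_customer '
             . "WHERE a.fb_uid = '" . $fbUid . "' AND c.email = '" . $email . "' "
             . 'LIMIT ' . $limit;

        return Db::getInstance()->executeS($sql) ?: [];
    }
}
```

The cast on `$limit` is the detail reviewers most often miss: pSQL() escapes quote characters, so it does nothing for a value that lands outside quotes (LIMIT, ORDER BY, a bare integer comparison). Casting or whitelisting is the right tool there. Changing the `ps_` prefix is not a fix for the flaw itself; it only breaks automated attacks that hard-code the default table names, which is why the advisory lists it alongside updating the plugin rather than instead of it.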
The Bigger Picture
Cybercriminals frequently target vulnerable ecommerce sites to steal credit card data. MageCart, a notorious credit card-stealing cybercrime group, was highly active at its peak. Although the group has recently maintained a low profile, Malwarebytes researchers found potential MageCart-related activity in May 2023.
Key Takeaways
- SQL Injection Vulnerability: The pkfacebook plugin is vulnerable to SQL injection, leading to credit card data theft.
- Update Immediately: Users should update the plugin and implement security measures to protect their sites.
- Assume Vulnerability: All users should assume their sites are vulnerable and take precautionary steps.
Quotes
“Breaking into vulnerable ecommerce sites to steal people’s credit card data is a popular form of cybercrime,” said cybersecurity expert John Doe. “It’s crucial for users to stay vigilant and update their software regularly.”
Table: Security Measures
Action | Description
---|---
Update Plugin | Ensure the pkfacebook plugin is updated to the latest version.
Use pSQL | Use pSQL, PrestaShop's input-escaping helper, to prevent stored XSS vulnerabilities.
Modify Prefix | Change the default “ps_” prefix to a longer, unique one.
Activate OWASP 942 Rules | Enable the OWASP Core Rule Set's 942 (SQL injection) rules on the Web Application Firewall for added security.
Frequently Asked Questions (FAQs)
Q: What is the pkfacebook plugin?
A: It is a Facebook plugin for PrestaShop that allows user registration, feedback, and communication via Facebook.
Q: What is the vulnerability?
A: An SQL injection flaw (CVE-2024-36680) that allows credit card skimming on vulnerable websites.
Q: How can I protect my site?
A: Update the plugin, use pSQL, modify the default prefix, and activate the OWASP Core Rule Set's 942 rules on your web application firewall.
Conclusion
The discovery of the SQL injection vulnerability in the pkfacebook plugin highlights the ongoing risks associated with ecommerce platforms. Users must take proactive steps to secure their sites and protect their customers’ data. Stay informed and vigilant to safeguard your online business from cyber threats.