Dark Web News Analysis: PrestaShop Customer Records Exposure Claimed on Hacker Forum
A post on a hacker forum claims a massive data breach affecting 21.3 million customer records from the PrestaShop e-commerce platform. The threat actor is selling the full dataset via Telegram and has shared a sample of 9.3 million records for free to prove the data’s authenticity. The claim is bolstered by the inclusion of SQL table schemas and data samples, lending it a high degree of credibility among other threat actors. This represents a critical supply chain risk to the thousands of businesses that use PrestaShop. The exposed data includes:
- Customer PII: Full names, physical addresses, and phone numbers.
- Business and Financial Identifiers: Company details and VAT numbers.
Key Cybersecurity Insights
The free distribution of a massive sample of data from a popular e-commerce platform guarantees it will be immediately weaponized by a wide range of criminals.
- A Massive Supply Chain Threat to Global E-Commerce: A breach impacting the PrestaShop ecosystem affects not one, but thousands of independent online businesses and their customers worldwide. The free distribution of 9.3 million records amplifies this threat exponentially, as the data is now in the hands of countless malicious actors.
- Valuable Data for Targeted Fraud and Identity Theft: The combination of personal contact details with business information like VAT numbers is a powerful tool for criminals. This data can be used to commit tax fraud, launch convincing business email compromise (BEC) campaigns, and execute sophisticated identity theft against individuals.
- Authenticity Unconfirmed, But Perceived as Highly Credible: While the possibility exists that this dataset is a repackaging of older breaches, the inclusion of technical proof (SQL schemas) and the significant interest from other actors on the forum mean it must be treated as a credible and active threat. The value, as perceived by the criminal underground, is high.
Critical Mitigation Strategies
This situation requires a multi-layered response from PrestaShop, the store owners who use the platform, and the end customers whose data is now exposed.
- For PrestaShop (the company): Investigate the Claim and Issue Security Guidance: PrestaShop must urgently investigate these claims to determine if there is an active, unpatched vulnerability in its core platform or a widely used plugin. It is critical that they issue clear security guidance and patching instructions to all store owners.
- For Store Owners Using PrestaShop: Patch Systems, Enforce MFA, and Monitor for Attacks: All businesses running a PrestaShop store must immediately apply all available security patches and conduct vulnerability scans. Enforcing Multi-Factor Authentication (MFA) on both customer accounts and their own administrative panels is the single most effective step to prevent account takeovers. Monitoring for credential stuffing attacks is also essential.
- For Customers of PrestaShop Stores: Be on High Alert for Phishing and Fraud: Anyone who has shopped at small or medium-sized online stores (many of which use PrestaShop) should be extremely vigilant. It is crucial to monitor financial accounts for fraudulent activity and to treat any unexpected communications from retailers (e.g., emails about order problems) with extreme suspicion, as they could be targeted phishing attempts.