Bankwire / bug or fraude?

[[email protected]]

 

Hi, 

I have an important announce / claim.

Due to an update of the prestashopsmodule "bankwire / bankoverschrijving" (see attachment), the bank info was filled in with unknow parameters (see attachment).

Name: Shariq Ali, Germany

Bank: wirecard, DE1151230800650145XXXX

2 curstomers have made an order and have choosen for the option of bankwire, so they make the payment at that bank account of wirecard, DE115123080065014XXXX.

DO I have to go to the police with this or can you check and solve this???

Many Thanks,

 

[Scully]

First of all: I have never ever noticed the bankwire module makes an autofill or has predefined data in the bank account fields.
Many questions are popping up.

• What is your prestashop version?
• What caused the module update? Did you trigger it? Or was it replaced "all of a sudden"?
• Have you checked if the payments have been credited to the 'new' account holder?
  =>I'd speak with my bank immediately.
• Have you used modules which known security issues?
  See details:
  https://www.prestashop.com/forums/topic/544579-major-security-issues-with-few-modules-and-themes/
• Did you check which core files have been changed recently?
• Did you check the IP addresses with the most traffic to your shop?
• Did you check which IP addresses had access to your backoffice during the last periods?

Edited August 28, 2017 by Scully (see edit history)

[Scully]

No more news on this thread?

[[email protected]]

 

First of all: I have never ever noticed the bankwire module makes an autofill or has predefined data in the bank account fields.

Many questions are popping up.

• What is your prestashop version?
• What caused the module update? Did you trigger it? Or was it replaced "all of a sudden"?
• Have you checked if the payments have been credited to the 'new' account holder?

  =>I'd speak with my bank immediately.

• Have you used modules which known security issues?

  See details:

  https://www.prestashop.com/forums/topic/544579-major-security-issues-with-few-modules-and-themes/

• Did you check which core files have been changed recently?
• Did you check the IP addresses with the most traffic to your shop?
• Did you check which IP addresses had access to your backoffice during the last periods?

 

-------------------

Hi, 

 

Prestashopversion was 1.6.1.1 but today updates to the newest.

I did not update, it happens out of the blue.

I do not have modules know by securtityissues (I think).

• Did you check which core files have been changed recently? --> no, how to?
• Did you check the IP addresses with the most traffic to your shop? --< now how to?
• Did you check which IP addresses had access to your backoffice during the last periods? Yes, I think about al list of 50 ip adresses in the list of backend

I am thinking to go to the police with this because I believe this is fraude.

I have a module now that alarms me if external sources are trying to enter.

 

[Scully]

I don't think a module ist enough to harden your shop. In my humble opinion your shop must be considered as fully compromised. Hence I would ask a service company to figure out the details. Otherwise Im guessing it is very likely your bank account data will change again.

And I would upgrade to the latest 1.6. version and throw all modules into the bin where I am not 100% confident that these modules are not the

 

And yes - you can go to the police. But how should they you if even you are not able to figure out the way your shop data have been changed?

Edited August 29, 2017 by Scully (see edit history)