Cs_Cart 4.2.4 Customer Credit Information Getting Stolen

Hello.

I have been having a few problems recently. I just got a few calls from customers that CC information is getting leaked. We don't store any credit card details and we use Authorize.NET. Is anyone aware of this recent attack called the Js-Sniffers hack?

So far I have 3 customers who are complaining about this, but I am not sure what to do. I did contact the CS-Cart helpdesk but have had no response so far. They did release a patch maybe a few years back which fixed this error, but I don't see any patches or updates regarding this.

I would appreciate it if someone could help. I did do a tcpdump but can't seem to find anything unusual going on.

Are you running a PCI scan on your server? You usually have to do that as part of accepting cc. That should show any server issues and I would contact your server company. I would certainly also change your admin pw and get rid of any accounts that might have access. Rename your admin.php to something else like adminxyz.php so it can't be guessed.

CS Cart saves CC numbers into the order details. That is very dangerous. We do save them as we often have to change the orders. But I had our web guy do a change that eliminates the numbers when we show the order as completed.

I certainly would take this issue seriously, you could be liable for a lot of damages.

Jack

We are PCI, but I am sure it's something to do with CS-Cart, as that happened a few years back and CS-Cart came out with a patch which fixed that issue. Now the same thing is happening. CS-Cart has to keep up with security patches, just as Magento and other shopping cart providers do, if there's any leak.

First, install the security patches from the File area in the CS-Cart HelpDesk.

Then ask the server administrator to search for recently modified files (exclude the var/cache directory).

Most probably the stolen CC details are saved to a file somewhere on your server.
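
The search suggested in the reply above, as an added example that is not part of the original thread or CS-Cart's own tooling: it lists files changed within a look-back window under the store's root and prunes var/cache. The function name `recent_files`, the 14-day default and the optional ctime mode are assumptions of this example.

```shell
#!/bin/sh
# Added example: list files changed in the last N days under a CS-Cart
# install, skipping var/cache (which the cart rewrites constantly).

# recent_files ROOT [DAYS] [mtime|ctime]
#   Prints one path per line, relative to ROOT, sorted by name.
#   mtime = content modification time (default).
#   ctime = inode change time; it still moves when a file's mtime has
#           been set back by hand, so run both and compare the lists.
recent_files() {
    root=$1
    days=${2:-14}            # assumed default look-back window
    field=${3:-mtime}

    case $field in
        mtime|ctime) ;;
        *) echo "recent_files: field must be mtime or ctime" >&2
           return 2 ;;
    esac

    (
        cd "$root" || exit 1
        # -prune keeps find from descending into ./var/cache at all;
        # "-N" means changed less than N days ago.
        find . -path ./var/cache -prune -o \
             -type f "-$field" "-$days" -print |
            sed 's|^\./||' | sort
    )
}

# Stand-alone use: sh recent_files.sh /path/to/store 30 ctime
if [ "$#" -gt 0 ]; then
    recent_files "$@"
fi
```

Review every hit that is not explained by a known deployment or upgrade, whatever its extension, since a file holding captured card data does not have to be a .php or .js file.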

Hi Tiger,

Have you found and fixed the issue?

Best,
X