Chilean PrestaShop Data Breach Exposes 5,600 Credit Cards in Active Magecart Attack

The Chilean PrestaShop data breach has been identified as an active, high-severity cyber incident involving full administrative control of a Chile-based online store. A threat actor is selling “live admin access” to the hacked PrestaShop platform on a dark web forum for between $5,000 and $10,000. According to the listing, the attacker has already intercepted more than 5,674 payment card transactions, confirming that malicious JavaScript code is still active on the website’s checkout page. This makes the breach one of the most dangerous live Magecart attacks currently circulating in Latin America.

Background of the Breach

The compromised website operates on the open-source PrestaShop platform, which powers thousands of small and mid-sized e-commerce stores worldwide. The attacker, identified as an Initial Access Broker (IAB), claims to have maintained access for several weeks, siphoning real payment data in real time. The Chilean PrestaShop data breach is not a static database leak, but a live, persistent attack that allows continuous theft of sensitive customer data as users complete online transactions.

  • Victim: Unnamed Chilean PrestaShop e-commerce retailer
  • Status: Ongoing compromise with live JavaScript skimmer
  • Cards stolen: 5,674 confirmed in the last month
  • Access for sale: Administrative credentials ($5,000–$10,000)
  • Attack type: Magecart (web skimming and card data interception)

How the Attack Works

The Chilean PrestaShop data breach centers on a Magecart-style web skimmer that captures data as customers type it into the checkout form. This malicious code, injected directly into PrestaShop template files or HTML modules, silently sends card numbers, CVVs, names, and billing addresses to the attacker’s server before the transaction completes. The hacker has verified their control by sharing logs of “redirected payments,” proving that stolen card details are harvested and transmitted in real time.

Because the attacker still has live access to the admin dashboard, the breach remains ongoing. Even if the shop’s owners notice unusual transactions, the attacker could easily reinsert or modify the JavaScript payload through backdoor admin accounts. This persistent access means that thousands of additional customers could have their credit cards compromised if the site is not immediately shut down or isolated.

Key Cybersecurity Insights

Active Magecart Skimming Operation

The Chilean PrestaShop data breach fits the pattern of Magecart operations that target outdated or poorly secured e-commerce systems. Attackers exploit admin panels or plugin vulnerabilities to inject small pieces of JavaScript that capture payment data directly from customers. Since the malicious script runs client-side, neither banks nor the merchant immediately detect the theft. Every purchase made on the infected site results in instant card exposure.

Persistent Access Sale and IAB Involvement

The seller in this case is functioning as an Initial Access Broker, offering not just stolen data but full administrative access to the live shop. This means multiple threat actors can purchase access to continue the skimming operation or install additional malware. The high asking price reflects the site’s transaction volume and the profitability of an active skimmer tied to a high-traffic store.

Regulatory and Financial Exposure

The Chilean PrestaShop data breach constitutes a direct violation of both Law 19.628 on the Protection of Private Life and PCI-DSS (Payment Card Industry Data Security Standard). Under Chilean law, affected companies must report such breaches to national regulators and financial authorities. PCI-DSS compliance failure can lead to substantial fines exceeding $500,000 per incident. For a smaller business, this kind of regulatory exposure could result in permanent closure, legal liability, and reputational collapse.

Mitigation Strategies

For the Affected Chilean E-commerce Business

  • Shut down payment systems immediately: Disconnect the payment gateway or take the entire website offline to stop live data theft.
  • Hire a PCI Forensic Investigator (PFI): This is now mandatory for compromised merchants. Investigators can trace the infection and verify data exfiltration points.
  • Audit all JavaScript and template files: Review every PrestaShop .js and .tpl file for suspicious code, especially within “Custom HTML” and “Theme” modules.
  • Reset admin credentials and enable MFA: Invalidate all accounts and implement multi-factor authentication to prevent reinfection.
  • Report the breach: Notify Chile’s Comisión para el Mercado Financiero (CMF) and data protection authorities, as well as all payment partners (Visa, Mastercard, Transbank).
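
As an added illustration of the file audit step above (not code from PrestaShop or from the original article), this Python script triages .js and .tpl files for script tags that load from hosts outside an allowlist and for obfuscation constructs. The allowlisted hosts, the indicator patterns and the sample templates are constructed assumptions.

```python
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this shop legitimately loads scripts from (placeholder names).
ALLOWED_HOSTS = {"shop.example", "js.payment-provider.example"}

SCRIPT_SRC = re.compile(r"""<script[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
# Constructs that are rare in stock theme files and worth a manual look.
INDICATORS = {
    "dynamic code execution": re.compile(r"\b(?:eval|atob)\s*\(|String\.fromCharCode"),
    "long encoded blob": re.compile(r"[A-Za-z0-9+/=]{200,}"),
}

def audit_text(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (reason, detail) findings for the contents of one file."""
    findings = []
    for url in SCRIPT_SRC.findall(text):
        try:
            host = urlparse(url).hostname  # None for relative or Smarty-built paths
        except ValueError:
            host = url  # an unparsable src is itself worth reporting
        if host and host not in allowed_hosts:
            findings.append(("external script host", host))
    for reason, pattern in INDICATORS.items():
        match = pattern.search(text)
        if match:
            findings.append((reason, match.group(0)[:40]))
    return findings

def audit_tree(root, since_epoch=0.0):
    """Scan .js and .tpl files under root that changed at or after since_epoch."""
    report = {}
    for path in Path(root).rglob("*"):
        if (path.suffix.lower() in {".js", ".tpl"} and path.is_file()
                and path.stat().st_mtime >= since_epoch):
            hits = audit_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed samples: a clean checkout template and a tampered copy of it.
CLEAN_TPL = '<script src="{$urls.js_url}theme.js"></script><input name="card_number">'
TAMPERED_TPL = (CLEAN_TPL + '<script src="//cdn.unknown.example/a.js"></script>'
                '<script>eval(atob("Y29uc3RydWN0ZWQ="))</script>')

if __name__ == "__main__":
    print(audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Passing the start of the incident window as since_epoch narrows the scan to files changed during the compromise. Findings are leads for manual review, and content a module keeps in the database rather than on disk is outside what a file scan sees.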

For Customers Affected by the Breach

  • Cancel cards immediately: If you made a purchase at a Chilean PrestaShop site in the past month, contact your bank to cancel or replace your card.
  • Check bank statements daily: Look for suspicious charges or small “test” payments that often precede large fraud attempts.
  • Use secure payment methods: Prefer one-time virtual cards or banks that support app-based payment verification.
  • Scan for malware: If you entered payment data online recently, perform a full device scan using Malwarebytes to ensure your system is not infected by phishing or keylogging software.

For E-commerce Operators

  • Apply PrestaShop security patches: Regularly update plugins, modules, and themes to close exploitable vulnerabilities.
  • Implement Content Security Policy (CSP): Restrict JavaScript execution to trusted sources to block injected scripts.
  • Conduct routine penetration tests: Regular external testing helps detect unauthorized access or hidden code before attackers can exploit it.
  • Monitor outbound network traffic: Use firewalls or intrusion detection systems to flag unusual data transfers from web servers.
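
To make the Content Security Policy item concrete, here is an added example (not from the original article or from PrestaShop) that lints a policy for the gaps a checkout-page skimmer relies on: permission to run injected script and a channel to send data out. The two policies and their host names are constructed placeholders.

```python
# Directives that do not inherit from default-src.
NO_FALLBACK = {"form-action", "base-uri", "frame-ancestors"}
# What a checkout-page skimmer depends on: running script, then sending data out.
CHECKED = ("script-src", "connect-src", "img-src", "form-action")
OPEN_SOURCES = {"*", "http:", "https:"}
INLINE_GUARDS = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(header):
    """Parse a Content-Security-Policy header value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence applies.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def lint_csp(header):
    """Return the ways this policy still lets injected script run or send data out."""
    policy, issues = parse_csp(header), []
    for name in CHECKED:
        sources = policy.get(name)
        if sources is None and name not in NO_FALLBACK:
            sources = policy.get("default-src")
        if sources is None:
            issues.append(f"{name}: unrestricted (directive missing)")
            continue
        if OPEN_SOURCES & set(sources):
            issues.append(f"{name}: any host allowed")
        if name == "script-src":
            guarded = any(s.startswith(INLINE_GUARDS) for s in sources)
            if "'unsafe-inline'" in sources and not guarded:
                issues.append("script-src: inline script allowed")
            if "'unsafe-eval'" in sources:
                issues.append("script-src: eval allowed")
    return issues

# Constructed policies; host names are placeholders.
WEAK = "default-src * 'unsafe-inline' 'unsafe-eval'"
HARDENED = ("default-src 'self'; script-src 'self' https://js.payment-provider.example; "
            "connect-src 'self'; img-src 'self'; base-uri 'self'; "
            "form-action 'self' https://pay.payment-provider.example")

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_csp(header) or "no findings")
```

A policy that can be edited from inside the application can be undone by anyone holding admin access, so set the header at the web server or CDN layer. CSP also does not stop a skimmer that is written into the shop's own files and sends data to an allowed host.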

National and Economic Impact

The Chilean PrestaShop data breach underscores the increasing frequency of Magecart attacks across Latin America. These incidents often start with small businesses that lack advanced cybersecurity oversight, but quickly escalate into regional crises once customer card data circulates on dark web marketplaces. The resale of live admin credentials shows that Chilean e-commerce infrastructure remains a top-tier target for financially motivated attackers.

For verified updates on major data breaches and in-depth cybersecurity investigations, visit Botcrawl for expert coverage of emerging threats and response best practices.


Sean Doyle

Sean is a tech author and security researcher with more than 20 years of experience in cybersecurity, privacy, malware analysis, analytics, and online marketing. He focuses on clear reporting, deep technical investigation, and practical guidance that helps readers stay safe in a fast-moving digital landscape. His work continues to appear in respected publications, including articles written for Private Internet Access. Through Botcrawl and his ongoing cybersecurity coverage, Sean provides trusted insights on data breaches, malware threats, and online safety for individuals and businesses worldwide.
