I've now come to the conclusion that what @venditdevs saw happen to his client is now more widespread. I've already advised people I know who use presatshop to act accordingly. If this was a coding issue either with the core code or modules, prestashop could have given more information (e.g. module to remove or temp fixes to block until a patch is made, or even just clarifying what it is). The fact they :
- Haven't posted anything on https://build.prestashop-project.org/ is telling and feels like it is being hidden.
- Are advising customers change FTP and SSH details (which again backs up it not being a coding issue).
If prestashop read this, please note that as you have not provided any other information, the lack of clarity leads to people coming to their own conclusions. You have left us in limbo constantly checking _partials/head.tpl plus other files to see if we are affected. This is stressful and could easily have been avoided. If you have been compromised, tell us and be transparent about it. I personally would have been fine with you telling us right at the beginning (hacks have and always will happen, its how you help prevent them and how you deal with it that counts. Even more so when people rely on you). You could always update us afterwards stating its not as bad as you thought etc if that's the case. Transparency and timely updates are key to something like this being a nightmare or just an annoying inconvenience.