The Magestore Locator extension version 1.0.2 (and earlier versions) that could result in unauthorised access to sensitive information. Magento has urged customers running Magestore Locator extension to disable it or block requests and request/implement an update from the extension developer.
Magento has had reports that the extension has been exploited.
In particular users should have their developers look for signs of compromise in particular, but not exclusively, suspicious database queries being logged and unknown accounts. In addition to this, all administrative accounts should have their passwords reset.
To reiterate only customers running version 1.0.2 or earlier may be impacted.