Magento Marketplace Suffers User-Exposing Data Breach

  • A breach in one of Magento’s databases resulted in the leak of customer and seller data.
  • Adobe claims that their services haven’t been touched, and so plugins and themes are safe to use.
  • The number of compromised users remains unknown, as is the date of the initial break-in.

Magento is an open-source e-commerce platform that is used in more than 100,000 online stores and counts over 2.5 million registered users. Its popularity drew the interest of Adobe, which bought it in May 2018 for $1.68 billion. Unfortunately, Adobe has just announced that the Magento Marketplace suffered a data breach that exposed an undisclosed number of users. According to the blog post, the unauthorized third party who conducted the breach accessed a database that contained both customer and developer data, so buyers and sellers alike were exposed.

The leaked data includes user names, email addresses, MageIDs, billing addresses, shipping addresses, phone numbers, and various types of commercial information that was provided to the platform. Adobe assures the public that the core product and services haven’t been compromised this time, which means that the themes and plugins hosted on the Marketplace haven’t been infected with malware or a backdoor.

The company states that its IT teams became aware of the breach on November 21, 2019, and took down the Magento Marketplace immediately in order to secure the database. However, there is no clarification about whether that date was the moment of the initial intrusion or whether that took place earlier. If the latter is the case, the question is how long the hackers enjoyed access to the compromised database. Adobe answers none of this in its announcement or in the notifications that it is sending to the affected account holders. How many received these emails also remains a mystery.

Source: Magento Blog

If you are a registered Magento seller, you should reset your password and also change it on any other platforms where you use the same one. Adobe hasn’t mentioned anything about passwords being exposed, but it is very likely that they are included in the leaked data, even if in encrypted form. As for the customers who may have been exposed, these will most probably not receive any notifications from Adobe, so it’s up to you to keep an eye on published breaches and take all proper measures to secure your data online. Considering that your email and phone number have been leaked, you should be wary of any unsolicited messages or calls that you may receive from scammers.

