Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.
Adobe owned Magento is an open-source e-commerce and CMS platform written in PHP, and it was acquired for $1.68 billion in 2018. It is one of the most popular open e-commerce systems in the network.
Attackers taking advantage of the vulnerability that resides in the Magento portal to exploit the network and gain access to the Magento Marketplace account holder data.
Adobe security experts learned this incident on November 21, soon after they temporarily took down the Magento Marketplace in order to address the issue.
The vulnerability allowed attackers to access some of the sensitive information including Name, Email, MageID, Billing & shipping address and Phone number and other commercial pieces of information.
Adobe also confirmed that there is no financial data (such as credit/debit card) involved in the data breach, and no passwords were compromised.
Adobe sends a security incident noticed to all the customers and said that this issue did not affect the operation of any Magento core products or services.
According to Jason Woosley, Vice President of Commerce Product & Platform said via blog post “We have notified impacted Magento Marketplace account holders directly,”
“We take these issues seriously and are committed to helping ensure our platforms are secure. We are reviewing our processes to help prevent these types of events from occurring in the future”.
Adobe also confirms that the breach did not affect the operation of any Magento core products or services.
Adobe didn’t disclose any details about the vulnerability and the method used by attackers to exploit the Magento marketplace portal.
OnePlus Hacked – Customers’ Personal Information Accessed by Hackers
T-Mobile Hacked – Hackers Gained Access to Prepaid Customers Data
Best DNS Management Tools play a crucial role in efficiently managing domain names and their…
Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…
Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…
SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…
In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…
The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…