Sunday, November 24, 2024
HomeAdobeAdobe Hacked - Hackers Exploit The Bug in Magento Marketplace &...

Adobe Hacked – Hackers Exploit The Bug in Magento Marketplace & Gained Access To The Users Data

Published on

Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.

Adobe owned Magento is an open-source e-commerce and CMS platform written in PHP, and it was acquired for $1.68 billion in 2018. It is one of the most popular open e-commerce systems in the network.

Attackers taking advantage of the vulnerability that resides in the Magento portal to exploit the network and gain access to the Magento Marketplace account holder data.

- Advertisement - SIEM as a Service

Adobe security experts learned this incident on November 21, soon after they temporarily took down the Magento Marketplace in order to address the issue.

The vulnerability allowed attackers to access some of the sensitive information including Name, Email, MageID, Billing & shipping address and Phone number and other commercial pieces of information.

Adobe also confirmed that there is no financial data (such as credit/debit card) involved in the data breach, and no passwords were compromised.

Adobe sends a security incident noticed to all the customers and said that this issue did not affect the operation of any Magento core products or services.

Adobe data breach notice

According to Jason Woosley, Vice President of Commerce Product & Platform said via blog post “We have notified impacted Magento Marketplace account holders directly,”

“We take these issues seriously and are committed to helping ensure our platforms are secure. We are reviewing our processes to help prevent these types of events from occurring in the future”.

Adobe also confirms that the breach did not affect the operation of any Magento core products or services.

Adobe didn’t disclose any details about the vulnerability and the method used by attackers to exploit the Magento marketplace portal.

Recent Security Incidents

OnePlus Hacked – Customers’ Personal Information Accessed by Hackers

T-Mobile Hacked – Hackers Gained Access to Prepaid Customers Data

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as...

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Chinese Hackers Breached Deep Into US Telecom to Spy on Calls and Texts

In a breach that lawmakers are calling the most serious in U.S. history, Chinese...

Helldown Ransomware Attacking VMware ESXi And Linux Servers

Helldown, a new ransomware group, actively exploits vulnerabilities to breach networks, as since August...

Volt Typhoon Attacking U.S. Critical Infra To Maintain Persistent Access

Volt Typhoon, a Chinese state-sponsored threat actor, targets critical infrastructure sectors like communications, energy,...