Sunday, March 30, 2025
HomeAdobeAdobe Hacked - Hackers Exploit The Bug in Magento Marketplace &...

Adobe Hacked – Hackers Exploit The Bug in Magento Marketplace & Gained Access To The Users Data

Published on

SIEM as a Service

Follow Us on Google News

Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.

Adobe owned Magento is an open-source e-commerce and CMS platform written in PHP, and it was acquired for $1.68 billion in 2018. It is one of the most popular open e-commerce systems in the network.

Attackers taking advantage of the vulnerability that resides in the Magento portal to exploit the network and gain access to the Magento Marketplace account holder data.

Adobe security experts learned this incident on November 21, soon after they temporarily took down the Magento Marketplace in order to address the issue.

The vulnerability allowed attackers to access some of the sensitive information including Name, Email, MageID, Billing & shipping address and Phone number and other commercial pieces of information.

Adobe also confirmed that there is no financial data (such as credit/debit card) involved in the data breach, and no passwords were compromised.

Adobe sends a security incident noticed to all the customers and said that this issue did not affect the operation of any Magento core products or services.

Adobe data breach notice

According to Jason Woosley, Vice President of Commerce Product & Platform said via blog post “We have notified impacted Magento Marketplace account holders directly,”

“We take these issues seriously and are committed to helping ensure our platforms are secure. We are reviewing our processes to help prevent these types of events from occurring in the future”.

Adobe also confirms that the breach did not affect the operation of any Magento core products or services.

Adobe didn’t disclose any details about the vulnerability and the method used by attackers to exploit the Magento marketplace portal.

Recent Security Incidents

OnePlus Hacked – Customers’ Personal Information Accessed by Hackers

T-Mobile Hacked – Hackers Gained Access to Prepaid Customers Data

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor

Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group,...

“Crocodilus” A New Malware Targeting Android Devices for Full Takeover

Researchers have uncovered a dangerous new mobile banking Trojan dubbed Crocodilus actively targeting financial...

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging...

Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands

Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed "Morphing Meerkat," that leverages...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

GLPI ITSM Tool Flaw Allows Attackers to Inject Malicious SQL Queries

A critical SQL injection vulnerability, tracked as CVE-2025-24799, has been identified in GLPI, a widely used...

Blacklock Ransomware Infrastructure Breached, Revealing Planned Attacks

Resecurity, a prominent cybersecurity firm, has successfully exploited a vulnerability in the Data Leak...

Synology Mail Server Vulnerability Enables Remote System Configuration Tampering

Synology announced the discovery and resolution of a moderate-severity vulnerability in their Mail Server,...