Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.
Adobe owned Magento is an open-source e-commerce and CMS platform written in PHP, and it was acquired for $1.68 billion in 2018. It is one of the most popular open e-commerce systems in the network.
Attackers taking advantage of the vulnerability that resides in the Magento portal to exploit the network and gain access to the Magento Marketplace account holder data.
Adobe security experts learned this incident on November 21, soon after they temporarily took down the Magento Marketplace in order to address the issue.
The vulnerability allowed attackers to access some of the sensitive information including Name, Email, MageID, Billing & shipping address and Phone number and other commercial pieces of information.
Adobe also confirmed that there is no financial data (such as credit/debit card) involved in the data breach, and no passwords were compromised.
Adobe sends a security incident noticed to all the customers and said that this issue did not affect the operation of any Magento core products or services.
According to Jason Woosley, Vice President of Commerce Product & Platform said via blog post “We have notified impacted Magento Marketplace account holders directly,”
“We take these issues seriously and are committed to helping ensure our platforms are secure. We are reviewing our processes to help prevent these types of events from occurring in the future”.
Adobe also confirms that the breach did not affect the operation of any Magento core products or services.
Adobe didn’t disclose any details about the vulnerability and the method used by attackers to exploit the Magento marketplace portal.