Adobe discloses the security breach on its Magento Marketplace portal, in results, attackers gained access to the registered customer’s sensitive account information.
Adobe owned Magento is an open-source e-commerce and CMS platform written in PHP, and it was acquired for $1.68 billion in 2018. It is one of the most popular open e-commerce systems in the network.
Attackers taking advantage of the vulnerability that resides in the Magento portal to exploit the network and gain access to the Magento Marketplace account holder data.
Adobe security experts learned this incident on November 21, soon after they temporarily took down the Magento Marketplace in order to address the issue.
The vulnerability allowed attackers to access some of the sensitive information including Name, Email, MageID, Billing & shipping address and Phone number and other commercial pieces of information.
Adobe also confirmed that there is no financial data (such as credit/debit card) involved in the data breach, and no passwords were compromised.
Adobe sends a security incident noticed to all the customers and said that this issue did not affect the operation of any Magento core products or services.
According to Jason Woosley, Vice President of Commerce Product & Platform said via blog post “We have notified impacted Magento Marketplace account holders directly,”
“We take these issues seriously and are committed to helping ensure our platforms are secure. We are reviewing our processes to help prevent these types of events from occurring in the future”.
Adobe also confirms that the breach did not affect the operation of any Magento core products or services.
Adobe didn’t disclose any details about the vulnerability and the method used by attackers to exploit the Magento marketplace portal.
OnePlus Hacked – Customers’ Personal Information Accessed by Hackers
T-Mobile Hacked – Hackers Gained Access to Prepaid Customers Data
A sophisticated cyber campaign orchestrated by the Chinese Advanced Persistent Threat (APT) group, Silver Fox,…
A new wave of cyberattacks attributed to the Ghostwriter Advanced Persistent Threat (APT) group has…
The LCRYX ransomware, a malicious VBScript-based threat, has re-emerged in February 2025 after its initial…
Recent cybersecurity investigations have uncovered a sophisticated technique employed by threat actors to evade detection…
A financial management app named Finance Simplified has been revealed as a malicious tool for…
A recent discovery by cybersecurity researchers has revealed that the Poseidon malware, a macOS-targeting trojan,…