Adobe disclosed a security breach that affected the users of the Magento Marketplace portal, the security team discovered the incident on November 21. The Magento Marketplace is a website for buying and downloading themes and plugins for e-stores running the Magento CMS.
Magento is the most popular content management solution (CMS) for building e-commerce website, Adobe acquired the company for $1.68 billion in 2018.
According to the data breach notification sent via email by Adobe to its customers, the hackers exploited a vulnerability in the Marketplace website to access account information for registered users. The company did not disclose the number of impacted accounts.
Hackers accessed data of registered users and developers that registered on the portal to sell their plugins and themes.
Exposed data include name, email, store username (MageID), billing and shopping addresses, phone number, and some commercial information, while financial data and passwords were not compromised. In response to the incident, the company temporarily took down the Marketplace in order to fix the vulnerability exploited by hackers.
“On November 21, we became aware of a vulnerability related to Magento Marketplace. We temporarily took down the Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services.” reads the security update published by Magento.
“We have notified impacted account holders directly. “
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Adobe, Magento)
[adrotate banner=”5″]
[adrotate banner=”13″]
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
This website uses cookies.