CMS Magento developers prepared a patch that fixes a 10-point RCE vulnerability in the e-commerce…
It is not known exactly when the attack occurred, but it is reported that a security breach was noticed last week, November 21, 2019.
“On November 21, we became aware of a vulnerability related to Magento Marketplace. We temporarily took down the Magento Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services”, — report Adobe employees.
By exploiting the vulnerability, attackers were able to gain access to user names, their email addresses, MageID, billing and shopping addresses, phone numbers, as well as limited commercial information, for example, about the percentage of payments that Adobe paid to developers. Passwords and billing information were not affected by the attack.
Read also: Children’s smart watch SMA-WATCH-M2 discloses personal data and location information
Although the company did not disclose the exact number of affected accounts, Adobe representatives assured that they had already notified about the incident all the victims.
“We have notified impacted Magento Marketplace account holders directly”, – said Jason Woosley, Vice President of Commerce Product & Platform, Experience Business, at Adobe.
It is also emphasized that all problems in the Magento Marketplace have now been fixed and the resource can be used without fear. In addition, there is no reason to believe that the attackers were able to compromise the main products and services of Magento. It is reported that the attack did not affect the plugins themselves and the topics posted on the trading floor.
Magento is a content management solution (CMS) for building online stores. It comes as a cloud-based services, but also as a self-hostable solution. It is one of today’s most popular e-commerce platforms, behind Shopify. Adobe acquired Magento for $1.68 billion in May 2018.
Netsmediashub.com is a domain that tries to force you into clik to its browser notifications…
News-bhexusa.xyz is a domain that tries to trick you into clik to its browser notifications…
News-bhupotu.xyz is a domain that tries to trick you into subscribing to its browser notifications…
News-bhocime.info is a site that tries to trick you into subscribing to its browser notifications…
You-hub.online is a site that tries to force you into clik to its browser notifications…
News-bhecudu.live is a domain that tries to force you into clik to its browser notifications…