It is not known exactly when the attack occurred, but it is reported that a security breach was noticed last week, November 21, 2019.
“On November 21, we became aware of a vulnerability related to Magento Marketplace. We temporarily took down the Magento Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services,” Adobe employees report.
By exploiting the vulnerability, attackers were able to gain access to user names, email addresses, MageIDs, billing and shipping addresses, phone numbers, and limited commercial information, such as the percentage of payments that Adobe paid to developers. Passwords and billing information were not affected by the attack.
Although the company did not disclose the exact number of affected accounts, Adobe representatives assured that they had already notified all the victims about the incident.
“We have notified impacted Magento Marketplace account holders directly,” said Jason Woosley, Vice President of Commerce Product & Platform, Experience Business, at Adobe.
It is also emphasized that all problems in the Magento Marketplace have now been fixed and that the site can be used without fear. In addition, there is no reason to believe that the attackers were able to compromise Magento's main products and services. The attack reportedly did not affect the plugins and themes hosted on the marketplace.
Magento is a content management system (CMS) for building online stores. It is available as a cloud-based service and as a self-hosted solution. It is one of today’s most popular e-commerce platforms, behind Shopify. Adobe acquired Magento for $1.68 billion in May 2018.