Magento Marketplace Vulnerability Lead To Security Breach

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

The popular platform Magento Marketplace has now emerged as the latest victim of a cyber attack. As revealed recently, Magento Marketplace has a serious vulnerability that resulted in a security breach.

Magento Marketplace Suffered Breach

Reportedly, Magento Marketplace, the popular e-commerce platform, has suffered a security breach. The incident has affected numerous users of this platform, exposing their data to hackers.

The news surfaced online after Adobe sent emails to the users notifying them of a security incident. They elaborated in their emails that the platform had a vulnerability that allowed intrusion by unknown attackers.

Consequently, on November 21, 2019, Magento’s security team noticed unauthorized access to the users’ accounts. As disclosed via Adobe’s email, the attackers potentially accessed users’ personal details from the accounts.

The Magento Marketplace account information accessed was the information associated with your Magento Marketplace user account, including name, email, MageID, billing and shipping address information, billing and shipping phone number, and limited commercial information (percentages for payments to developers).

Nonetheless, the financial and payment data of the users as well as the account passwords remained safe during the attack.

Here is a copy of the email received by users as shared on Twitter.

Security Measures Underway

Magento have also confirmed the incident via a separate security notice on their website. Though, they didn’t clearly mention about a breach. Rather, they mentioned about the vulnerability following which, they took down the platform, and later fixed the matter.

On November 21, we became aware of a vulnerability related to Magento Marketplace. We temporarily took down the Magento Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services.

Although, both the sources assured about notifying the users impacted during the incident. However, none of them has clearly mentioned about the exact number of affectees.

Let us know your thoughts in the comments.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Feel free to leave a comment

Do NOT follow this link or you will be banned from the site!