Magento Marketplace Vulnerability Led to Security Breach

The popular platform Magento Marketplace has emerged as the latest victim of a cyber attack. As revealed recently, Magento Marketplace had a serious vulnerability that resulted in a security breach.

Magento Marketplace Suffered Breach

Reportedly, Magento Marketplace, the popular e-commerce platform, has suffered a security breach. The incident has affected numerous users of this platform, exposing their data to hackers.

The news surfaced online after Adobe sent emails to users notifying them of a security incident. The emails explained that the platform had a vulnerability that allowed intrusion by unknown attackers.

On November 21, 2019, Magento’s security team noticed unauthorized access to users’ accounts. As disclosed in Adobe’s email, the attackers potentially accessed users’ personal details from the accounts.

The Magento Marketplace account information accessed was the information associated with your Magento Marketplace user account, including name, email, MageID, billing and shipping address information, billing and shipping phone number, and limited commercial information (percentages for payments to developers).

Nonetheless, the users’ financial and payment data, as well as their account passwords, remained safe during the attack.

Here is a copy of the email received by users as shared on Twitter.

Security Measures Underway

Magento has also confirmed the incident via a separate security notice on its website. However, the notice does not explicitly mention a breach. Instead, it mentions the vulnerability, after which they took down the platform and later fixed the issue.

On November 21, we became aware of a vulnerability related to Magento Marketplace. We temporarily took down the Magento Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services.

Both sources gave assurances about notifying the users impacted by the incident. However, neither clearly states the exact number of affected users.
