Adobe: The Magento Marketplace portal has been hacked through a vulnerability. It allowed “an unauthorized third-party” to access the account information of registered users.
The Magento Marketplace portal has been hacked. The hack was discovered by Adobe cyber security experts. “On November 21, we became aware of a vulnerability related to Magento Marketplace”, explained Jason Woosley, vice president of Commerce Product & Platform, Experience Business at Adobe, in a post. “We temporarily took down the Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services. We have notified impacted account holders directly”. However, the company did not disclose the number of impacted accounts. The flaw allowed “an unauthorized third-party” to access account information of registered users. According to ZDNet, the exposed data includes name, email, store username (MageID), billing and shipping addresses, phone number, and limited commercial information, such as percentages for payments Adobe made to theme/plugin developers.
Just a few days ago, the company urged web administrators to install its latest cyber security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability.
According to the cyber security experts, the hack didn’t result in any outages or disturbances to Magento’s core products and services. So, there is no reason to believe that the hacker compromised Marketplace’s core hosted backend or plugins and themes. The content management solution (CMS) for building online stores comes as a cloud-based service, but also as a self-hostable solution. It is one of today’s most popular e-commerce platforms, behind Shopify. Adobe acquired the company for $1.68 billion in 2018. Moreover, just a few days ago, as ThreatPost reported, Magento urged web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability.