Magento Marketplace was hacked; the most insecure platform

Data protection experts reported an intrusion that has impacted Adobe Magento Marketplace users, employed to purchase, sell, and download themes and plugins for Magento-based online stores.

Through an email, the company notified its customers, noting that hackers took advantage of a known vulnerability in the Magento Marketplace website to access compromised systems, resulting in unauthorized access to registered users’ accounts.

In the report, data protection experts mention that both registered users on the site and developers of plugins and themes that use this platform to offer their creations and earn some money were affected.

Adobe has not mentioned any more technical details of the attack, such as the type of vulnerability exploited by threat actors, as it has only merely claimed that the intrusion was detected a week ago. What is known is that the flaw allowed hackers to access multiple details such as:

  • Full names
  • Platform username (MageID)
  • Email address
  • Phone number

The company notes that users’ financial data and passwords were not compromised during this incident, and potentially affected users have already been notified.

The message sent to users, signed by Jason Woosley, Adobe’s Vice President of Business, does not mention the total number of accounts affected. “Magento Marketplace was taken offline as soon as we detected the intrusion, so we hope we’ve cut off the scope of the incident,” Woosley concludes.

Regarding Adobe’s core products and platforms, it is mentioned that the incident had no impact on these resources, and there is no indication to suggest that threat actors managed to compromise Magento’s central backend or plugins and hosted issues at the time of the intrusion.

It should be remembered that Magento is a content management system for creating online stores; it is a cloud-based service variant, although it can also be hosted by itself. According to the data protection experts of the International Institute of Cyber Security (IICS), after Shopify, Magento is the most popular e-commerce platform today.