Adobe disclosed today a security breach that impacted users registered on the company's Magento Marketplace, a portal for buying, selling, and downloading themes and plugins for Magento-based online stores. Attackers taking advantage of the vulnerability that resides in the Magento Marketplace to exploit the network and breach access to the Magento users account data.
While Adobe itself did not show the total number of affected users and developers but, it started to contact the affected users via e-mail. A copy of the email sent to Magento users was recently published on Twitter by @sergiocm.
Adobe company that owns Magento marketplace online e-commerce platform today revealed a new data breach event, which disclosed Magento's user account information leaks around the world by an unidentified hackers group or an individuals hacker.
SECURITY MEASURES UNDERWAY
According to the Adobe, the hacker exploited an unknown flaw on Magento online marketplace website that enabled it to get unauthorized access by third parties to the list of registered users both consumers (buyers) and developers (sellers) from around the world.
The stolen file includes user names, e-mail addresses, MageID, billing and forwarding address information and restricted business information. Although Adobe doesn't announce or may not realize when actually Magento Marketplace started develops danger, Adobe confirmed that the vulnerability has been found last week on 21 November by their security team.
The Company has maintained that Magento's main software and services could not get at risk from attackers, implying that no loophole or harmful code was available and that themes and plug-in hosted on the website could be downloaded safely.
"On November 21, we became aware of a vulnerability related to Magento Marketplace. We temporarily took down the Magento Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services," said Jason Woosley, VP of Commerce Product and Platform at Adobe.
Adobe has not explicitly stated is that any users credentials account has been leaked but, they are still encouraged users to change their password and do the same for any other website where users use the same password.