Magento e-commerce platform owned by Adobe was affected by a data breach which exposed the account information of Magento marketplace users to hackers.
Those users who have registered an account with the official Magento marketplace to buy or sell any extension, plugin or e-commerce website theme are advised to change their password immediately.
According to Adobe, the hacker exploited an undisclosed vulnerability in its marketplace website that let them to attain unauthorized third-party access to the database of registered users which includes both the customers (buyers) and the developers (sellers).
The disclosed database includes the user’s names, email addresses, MageID, billing and shipping address information, and some commercial information.
Even though the company does not know when the Magento marketplace was compromised, they confirmed that its security team discovered the breach on November 21.
Adobe also assured that the hackers did not manage to compromise Magento’s core product and services, which indicates that themes and plugins hosted on the Marketplace were not accessed to add any backdoor or malicious code and are safe to download.
On being aware of the vulnerability, the company temporarily took down the Magento Marketplace in order to address the issue and now it is back online. They assured that this issue did not affect the operation of any Magento core products or services.
The company also did not reveal how many users are affected by this incident, but it has started notifying the affected customers via email.
It is not mentioned whether the account passwords were also leaked, but the users are still recommended to change it, and also to change the passwords for any other website that uses the same password.