Adobe has disclosed a data breach incident that exposed the account information of Magento Marketplace users.
According to Adobe, an unauthorised third-party had exploited an undisclosed vulnerability within the marketplace website. This ultimately allowed them to gain unauthorised access to a database containing information on the marketplace’s registered users.
The exposed information included names, email addresses, MageID, billing and shipping address information, and limited commercial information. In addition, account passwords or financial information were not exposed, and products or services were not affected.
Adobe revealed that its security team discovered the intrusion on November 21, however it has not been disclosed as to when Magento Marketplace was compromised.
“On November 21, we became aware of a vulnerability related to Magento Marketplace. We temporarily took down the Magento Marketplace in order to address the issue. The Marketplace is back online. This issue did not affect the operation of any Magento core products or services,” said Jason Woosley, VP of Commerce Product and Platform at Adobe.
Adobe didn’t share the total number of impacted users, however account holders are being notified via email about the breach.
Users are recommended to change their account passwords for Magento Marketplace and other websites where users are utilising the same password.
“We take these issues seriously and are committed to helping ensure our platforms are secure. We are reviewing our processes to help prevent these types of events from occurring in the future,” said Adobe.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.