[German]The Magento Marketplace site belonging to Adobe was successfully hacked. Adobe had to announce a data breach and has informed registered and affected users about this cyber security incident.
Adobe’s Magento eCommerce platform was recently named leader in this area for the third consecutive year, ahead of Gartner. The platform is quite successful and popular for setting up online shops. Magento Marketplace is a platform on which operators of Magento eCommerce shops can register to purchase extensions or themes or offer their own solutions.
Adobe confirms Magento Marketplace hack
Through The Hacker News I became aware of a hack at Adobe’s Magento Marketplace. Adobe must have admitted a hack of the platform to affected customers. The following tweet contains the mail.
— Hx01 (@Hxzeroone) November 27, 2019
On November 21, 2019, the platform’s security team noticed an unauthorized third party accessing customer data. The account data of the registered users was accessed. The attackers were able to see the name, e-mail address, MageID, as well as addresses for billing, etc. The attackers were able to access the customer data. However, payment data such as account data could not be retrieved.
During the investigation, the team came across an vulnerability (possibly described here) in the platform software that made this hack possible in the first place. Immediately after the hack was detected, those responsible took the platform offline (the platform is now online again). According to this blog post, the hack had no effect on the operation of Magento’s core products or services.
According to Adobe, the affected Magento Marketplace account holders were informed directly. However, no details on the number of affected customers were provided. If you were logged on to the platform, you should be careful to change your password and be careful about spam.