Adobe’s e-commerce platform Magento recently informed Magento Marketplace users that an unauthorized third-party gained access to their user account information.
According to Magento, the attackers exploited a vulnerability that allowed them to access personal information such as email address, name, MageID, phone number, shipping and billing address, and some commercial information. The company confirmed that the breach does not impact payment card data or passwords, and claims that the Magento core products are also not affected.
It’s still unclear how users get impacted, and Adobe has not provided any data on the type of vulnerability exploited in the attack.
The Magento Marketplace was shut down temporarily until the issue was addressed, but it’s back online now.
Article source: https://www.securityweek.com/hackers-accessed-magento-marketplace-user-data