The Magento e-commerce platform owned by Adobe has recently notified some Magento Marketplace users that unlicensed third parties have been given access to account information.
The attackers, Magento said, exploited the Magento Marketplace vulnerability which enabled them to access information such as name, e-mail, MageID, shipping and billing address, telephone number, and some commercial information (i.e. percentages for production payments).
The company claims that the breach does not affect passwords or payment card data, nor does it affect Magento’s core products and services.
The breach was found on 21 November, and the vulnerabilities to hackers have been patched, the company told customers by phone.
The number of users affected is unclear and Adobe has failed to provide information on the type of vulnerability used in the attack.
The Magento Marketplace was temporarily shut down until the matter was dealt with.
“We take these problems seriously and dedicate ourselves to ensuring the safety of our platforms. We update our processes to prevent these kinds of events in the future, “said Adobe’s Jason Woosley in a blog post that disclosed the security incident.
Adobe admitted one month ago that information about Creative Cloud clients had been exposed due to misconfiguration. The incident also did not expose passwords or financial information.