Last week, a security breach was encountered on the Magento Marketplace website that impacted registered users. Magento Marketplace is a popular portal for buying, selling, and downloading themes and plugins for Magento-based online stores. Written in PHP, Magento is one of the most popular e-commerce platforms used by businesses.
In an official email sent by Adobe to every Magento Marketplace owner, the Magento platform states that it became aware of a vulnerability related to Magento Marketplace on 21st November ’19. Later on, an email was sent to customers as well to inform them of the same incident.
Adobe, which acquired the platform for $1.68 billion last year, also states that it identified a vulnerability that was exploited by an unauthorized third party to access account information for registered account holders. Have a look at the email advisory:
The affected data included name, email, store username (MageID), billing and shipping address, phone number, and limited commercial information such as percentages for payments Adobe made to theme/plugin developers.
However, Adobe later affirmed that no misuse of the information took place and that the users’ information remained unimpacted. Account passwords and financial information were also not exposed. The affected users included registered users as well as developers.
Jason Woosley, the VP (Commerce Product & Platform) at Adobe, said, “We have notified impacted Magento Marketplace account holders directly.” However, officials did not share the exact number of impacted accounts, and a Magento spokesperson made no further comment.
Woosley also says that after the incident took place, Adobe temporarily took down the Magento Marketplace in order to address the issue. The store is now back online. The issue did not affect the operation of any Magento core products or services.
Adobe’s VP Jason Woosley says, “We take these issues seriously and are committed to helping ensure our platforms are secure. We are reviewing our processes to help prevent these types of events from occurring in the future,” in a recently published blog post disclosing the security update on the incident. The post was published by the Magento platform itself, which believes in maintaining transparency and the platform’s security.