Unspecified number of users impacted, although payment details not thought to have been compromised

Adobe has admitted a breach against Magento Marketplace, the e-commerce portal that allows web admins to customize their Magento-based online stores.

An unspecified vulnerability in the website left the account information of an unspecified number of registered users and developers exposed, the software maker admitted in a statement on Wednesday.

“On November 21, we became aware of a vulnerability related to Magento Marketplace,” Adobe said. “We temporarily took down the Magento Marketplace in order to address the issue.”

According to Adobe, the issue did not affect the operation of any Magento core products or services.

“The Marketplace is back online,” it added. “We have notified impacted Magento Marketplace account holders directly.”

Adobe’s statement goes onto say that it was “committed to helping ensure our platforms are secure”, promising to review its processes in order to tighten up security in order to help safeguard against similar slip-ups in future.

Adobe failed to specific how many users were affected by the security incident.

Copies of its notification to users doing the rounds on social media suggest the extent of the breach was name, usernames, email addresses phone numbers, and shipping addresses rather than payment details, but this remains unconfirmed.

Limited commercial information – specifically, the percentage of payments Adobe turned over to theme and plugin developers – was also exposed.

The Daily Swig has put in a query and will update this story as and when any more information comes to hand.

Magento is a widely used e-commerce platform. Adobe bought Magento in May 2018.


READ MORE Magecart: How a single skimming case evolved into widespread credit card theft