Adobe, which since 2018 owned by Magento, reported a hacking site Magento Marketplace, where you can buy plugins and themes for online stores running on the basis of Magento.
Company representatives they writethat due to an unnamed vulnerability on the trading floor, unauthorized persons were able to access the data of registered users who registered on the site to buy themes and plugins, as well as data on the developers of these very solutions that used the portal to sell their products.
It is not known exactly when the attack occurred, but it is reported that a security breach was noticed last week, November 21, 2019. By exploiting the vulnerability, attackers were able to gain access to user names, their email addresses, MageID, billing and shopping addresses, phone numbers, as well as limited commercial information, for example, about the percentage of payments that Adobe paid to developers. Passwords and billing information were not affected by the attack.
Although the company did not disclose the exact number of affected accounts, Adobe representatives assured that they had already notified the incident of all the victims of the incident.
It is also emphasized that all problems in the Magento Marketplace have now been fixed and the resource can be used without fear. In addition, there is no reason to believe that the attackers were able to compromise the main products and services of Magento, that is, it is reported that the attack did not affect the plugins themselves and the topics posted on the trading floor.