Adobe Discloses Security Breach Impacting Magento Marketplace Users (Nov 27, 2019)
Adobe’s Magento Marketplace has experienced a security breach that exposed the personal information of its registered users. The marketplace is used by customers to buy, sell and download themes and plugins for Magento-based stores, which make up more than 20% of the top 1000 e-retailers in America and Canada. Threat actors were able to exploit a vulnerability in the Marketplace’s website that allowed third parties illegitimate access to account information of Magento customers. Since the breach was discovered, the marketplace has been taken down to allow the organisation to deal with this vulnerability. Adobe claims no passwords or account information were exposed in the breach.
Recommendation: As this story illustrates, it is important that your company institute policies regarding the software in use and its proper maintenance. New security updates should be applied as soon as possible because they often fix minor bugs and critical vulnerabilities that delay workflow or can be exploited by malicious actors. Third-party software vendors must frequently verify that their software is secure so that customers do not fall victim to cyber threats because of the vendor's own vulnerabilities. Any security updates to software must be shared immediately with all customers and then applied immediately. Organisations should also notify customers of any breaches as soon as they learn of them so that those customers do not become victims of fraud.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.