Recently, the Magento Marketplace was acquired by Adobe and suffered a breach that exposed a limited amount of user data to an unknown third party.
When Adobe discovered evidence of the breach, they temporarily shut the marketplace down so they could assess the extent of the breach. It has subsequently been reopened.
If you’re not familiar with Magento, it is an online repository where users can find extensions, both paid and free, that enhance the capabilities of the e-commerce platform the company is known for.
The investigation into the breach is ongoing. At this point, the company can confirm that the exposed information included MageID, billing and shipping addresses, phone numbers, user names and email addresses. Also exposed were the percentages paid to developers who host their extensions on the marketplace.
The company stresses that passwords, payment card information and other detailed financial information was not exposed. They also report that the security issues that made the breach possible have been corrected.
If your data was compromised, you should have already received a notification from Magento. The company did not reveal how many users were impacted overall. Although that information may be made available as the investigation into the matter continues.
Since the company confirmed that no passwords were stolen, there’s nothing for you to do if you use the marketplace. As a precaution, however, you may want to change your password just to be safe.
Overall, Adobe and Magento’s handling of the issue has been good, but this has sadly become standard fare. A company makes a misstep. Hackers take advantage. Users pay the price. Company apologizes, and then we get a new headline the following week about it happening somewhere else. Stay vigilant. It’s your best defense against these kinds of issues, which seem to be increasing in their frequency.