Cyber Incident Victim: Adobe Inc.

On November 21, 2019, Adobe detected unauthorized access to its Magento Marketplace website stemming from a vulnerability in the platform. The company traced the breach to an "unauthorized third-party" who exploited this security flaw to access registered user accounts. Impacted individuals included both customers who purchased themes and plugins for Magento-based stores and developers who sold their products through the marketplace. The compromised data encompassed names, email addresses, Magento store usernames (MageIDs), billing and shopping addresses, phone numbers, and limited commercial information such as payment percentages Adobe provided to developers. Adobe confirmed that account passwords and financial information remained secure and were not exposed during the incident. The company did not disclose when the vulnerability was initially exploited or the total number of affected accounts.

Adobe's Vice President of Commerce Product & Platform, Jason Woosley, stated the company took immediate action by taking the Magento Marketplace offline upon discovering the intrusion to address the vulnerability. The platform was subsequently restored after implementing security fixes. Adobe directly notified impacted account holders but did not release additional details beyond its official blog post and customer communications. The breach did not disrupt core Magento products or services, and Adobe found no evidence that the attacker compromised Magento's backend systems or the integrity of plugins and themes hosted on the marketplace. Magento, a leading e-commerce platform offering both cloud-based and self-hosted solutions, maintained normal operations for its primary services throughout the incident response.