Over 4,000 Adobe Commerce and Magento stores were hacked through exploitation of a critical vulnerability known as CosmicSting (CVE-2024-34102). The attack allowed unauthorized reading of files, including passwords and other sensitive data. The attackers typically stole a secret cryptographic key and then modified CMS blocks via the Magento API to inject malicious JavaScript designed to steal customer data. The exploitation led to the installation of payment skimmers in 5% of all Adobe Commerce and Magento store checkouts. Major organizations, such as Ray-Ban and Cisco, were affected, resulting in potentially severe financial and reputational damage.
"id": "ado000100724",
"linkid": "adobe-commerce",
"type": "Vulnerability",
"date": "10/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"