CyberSecurity news

@cybersecuritynews.com //
A hacker using the alias "Satanic" has claimed responsibility for a significant data breach affecting WooCommerce, a widely used eCommerce platform. The breach, said to have occurred on April 6, 2025, reportedly compromised over 4.4 million user records. According to the hacker's posts on Breach Forums, the data was not directly extracted from WooCommerce's core infrastructure but from systems closely linked to websites utilizing the platform, potentially through third-party integrations such as CRM or marketing automation tools. The alleged breach has raised concerns about the security of third-party integrations within the WooCommerce ecosystem.

The compromised database reportedly includes an extensive array of sensitive information. This includes 4,432,120 individual records, 1.3 million unique email addresses, and 998,000 phone numbers. It also encompasses metadata on corporate websites, such as technology stacks and payment solutions. A sample of the stolen data reveals records from prominent organizations like the National Institute of Standards and Technology (NIST), Texas.gov, NVIDIA Corporation, the New York City Department of Education, and Oxford University Press. Each record contains detailed information typically found in marketing databases, including estimated revenue, marketing platforms, hosting providers, and social media links.

Adding to the woes of WooCommerce users, a separate security threat has emerged with the discovery of a malicious Python package named "disgrasya" on PyPI. This package, detected by the Socket Research Team, contains an automated carding script specifically designed to target WooCommerce stores using CyberSource as their payment gateway. The malware simulates legitimate user behavior to avoid detection while exfiltrating stolen credit card data. Organizations are advised to enable fraud protection rules, monitor for suspicious patterns, implement CAPTCHA or bot protection, and rate limit checkout and payment endpoints to mitigate the risk of automated carding attacks.


Classification:
  • HashTags: #Woocommerce #Dataleak #Usersrecords
  • Company: WooCommerce
  • Target: WooCommerce Users
  • Product: WooCommerce
  • Feature: Customer data records theft
  • Malware: WooCommerce
  • Type: DataBreach
  • Severity: Major