Hacker claims theft of 4.4m WooCommerce users’ personal information

A threat actor has claimed that they stole the personal information of as many as 4.4 million WooCommerce users from systems associated with websites connected to the popular e-commerce plugin. 

 

Headquartered in San Francisco, WooCommerce is an open-source e-commerce plugin for WordPress that allows users to easily create and manage online stores, offering features like product listings, payment processing, inventory management, and shipping options.

 

Recently, a threat actor using the moniker “Satanic” claimed that they infiltrated the internal network of WooCommerce and stole confidential data from the company. According to the threat actor’s post, the company’s network was infiltrated on April 6 and “Satanic” is now in possession of sensitive data of over 4.4 million users.

 

 

The stolen database contains over 4.4 million customers’ email addresses, phone numbers, physical addresses, and social media profiles and company information including sales revenue, employee counts, domain authority rankings, and the technology stacks used by affected organisations. The database also contains 1.3 million unique email addresses and 998,000 unique phone numbers.

 

According to Cyber Security News, the stolen database also contained data belonging to several prominent organisations including NVIDIA, Texas.gov, and the National Institute of Standards and Technology (NIST).

 

Satanic has, however, clarified that the stolen data wasn’t collected from WooCommerce’s core infrastructure, rather from systems closely associated with websites using the platform, including CRM or marketing automation tools connected through third-party integrations.

 

A 1,000-line data sample shared by the threat actor includes data from several notable websites, like “nist.gov,” the official site of the National Institute of Standards and Technology (NIST), a U.S. Department of Commerce agency, and “texas.gov,” the official portal for the State of Texas and more.

 

At the time of publishing, WooCommerce didn’t comment on the claims of the threat actor, nor shared details on how they breached the company’s network or if it has received a ransom demand.