Hackers Claim Magento Breach via Third-Party, Leak CRM Data of 700K Users – Source:hackread.com

A hacker using the alias “Satanic” claims Magento breach via third-party, leaks CRM data of more than 700,000 users, including emails, phone numbers, and company info from major firms.

A threat actor known as “Satanic” has claimed responsibility for a new data breach involving Magento, the open-source e-commerce platform used by thousands of businesses globally. According to the hacker, the alleged data breach occurred on April 9, 2025, via a third-party integration, leading to the theft of a large dataset containing detailed business and personal contact information.

The breach, which remains unverified by Adobe (Magento’s parent company), includes what the hacker describes as 745,000 unique entries, with 430,000 unique email addresses and 261,000 phone numbers. The entire dataset has been leaked on Breach Forums, a notorious cybercrime and data breach platform.

From BBC to Chicago Tribune

As analysed by Hackread.com, the data appears to be pulled from a CRM system linked to Magento deployments and includes names, job titles, corporate emails, company domains, phone numbers, and social media links, including organizations from BBC to Chicago Tribune and many more.

A file titled “MagentoCRM”, shared as part of the leak, contains structured entries showing in-depth details for each record. In one example, a record tied to the BBC lists a director’s full contact data, along with links to the organization’s social profiles and metadata about business verticals, technology usage, and online storefronts.

The sample files also show CRM-style data rather than raw credentials or payment information, but the nature of the leak still poses a serious risk. The information could be used in phishing or B2B impersonation scams or for profiling high-value targets. Additionally, several records appear to contain verified LinkedIn accounts, corporate email aliases, and customer service contact details.

The database also includes technical metadata that could assist attackers in understanding each company’s tech stack, marketing platforms, and even their payment processors. One entry references Magento alongside Salesforce, Adobe Experience Manager, and Stripe, suggesting the breached data may have been extracted from a tech intelligence platform or CRM enrichment tool integrated into Magento workflows.

While the data itself appears real and not AI-generated, this breach claim follows Satanic’s appearance in headlines last week, after offering what they described as the entire database of Twilio’s SendGrid email platform. That breach was denied by Twilio, but the hacker has maintained their claim in cybercrime forums.

In September 2024, the same actor was behind the Tracelo breach, where data from 1.4 million users of a geolocation tracking service was leaked online. In addition to these incidents, Satanic is known for sharing infostealer logs via Telegram channels, which are often used by cybercriminals to distribute compromised credentials and digital fingerprints.

While Hackread.com has reached out to Adobe, businesses using Magento, particularly those with connected CRM tools, are urged to audit their integrations, monitor for suspicious activity, and review data access policies across connected services.

This incident adds to a growing list of third-party supply chain risks affecting digital commerce platforms, where the weakness lies not in the platform itself but in the data pipes feeding into it.