A hacker using the alias “Satanic” claims a WooCommerce data breach via a third party, selling data on over 4.4 million users, including records tied to major organizations like NVIDIA, Texas.gov, and the National Institute of Standards and Technology (NIST).
Just hours after claiming responsibility for a breach involving Magento, a hacker known as “Satanic” has surfaced again, this time alleging a data breach linked to WooCommerce, one of the most widely used eCommerce platforms on the web.
According to a post made on Breach Forums earlier today, the threat actor claims the incident occurred on April 6, 2025, and involves the extraction of more than 4.4 million records containing detailed personal and business information.
The announcement suggests the data wasn’t pulled from WooCommerce’s core infrastructure directly but rather from systems closely tied to websites using the platform, likely CRM or marketing automation tools connected through third-party integrations.

The data breach appears to include both customer and company-level information, including emails, phone numbers, physical addresses, and social media links, as well as business data such as sales revenue, employee count, domain authority rankings, and platform usage.
In total, the hacker claims the database holds:
- 998,000 phone numbers
- 4,432,120 individual records
- 1.3 million unique email addresses
- Metadata on corporate websites, including technology stacks and payment solutions
A 1,000-line sample shared by the hacker includes data from several notable websites, such as “nist.gov,” the official site of the National Institute of Standards and Technology (NIST), a U.S. Department of Commerce agency. Also listed is “texas.gov,” the official portal for the State of Texas.
In addition to government entities, the sample contains records linked to major organizations, including NVIDIA Corporation, the New York City Department of Education, the University of Oklahoma, and Oxford University Press, alongside data from other well-known institutions and private companies worldwide.
Each record includes detailed information typically found in well-organized marketing databases, such as estimated revenue, number of SKUs (stock keeping units), marketing platforms in use (e.g., ActiveCampaign, HubSpot), hosting providers, and links to company social media.
Interestingly, several entries show references to WordPress CMS, with WooCommerce listed as the eCommerce plugin. Others highlight integrations with Salesforce, Pardot, and various payment platforms like PayPal and Stripe. This points to a data source larger than WooCommerce itself, possibly compiled through APIs or scraped from exposed CRM panels.

Data for Sale
The hacker is currently offering the database for sale via direct messages or Telegram without listing a fixed price. According to their post, they are “taking offers only.”
This claim follows a growing pattern from the same actor, who recently alleged a breach involving Magento via a third party and previously took credit for the Tracelo breach affecting 1.4 million users. Just last week, Satanic also claimed to have breached Twilio’s SendGrid, though that incident was publicly denied by the company.
If the WooCommerce-related breach proves authentic, it would represent one of the largest known exposures involving WordPress-based commerce platforms this year. The combination of personal contact information, business intelligence, and technology stack profiling makes the dataset valuable for threat actors engaged in phishing, social engineering, or competitive intelligence scraping.
At the time of publishing, WooCommerce has not issued any public statement regarding the claim. While Hackread.com has reached out to the company, businesses relying on WooCommerce and connected CRM or marketing tools should consider reviewing their third-party integrations and checking for unusual data access patterns.
This story is developing.