Hackers Allegedly Claiming WooCommerce Breach, 4.4 Million Customer Details Stolen

A hacker known by the alias “Satanic” has claimed responsibility for a massive data breach involving WooCommerce, one of the most widely used eCommerce platforms on the web.

The breach, which reportedly occurred on April 6, 2025, involves the theft of over 4.4 million user records, including detailed personal and business information.

Cyber Security News observed that the hacker announced the breach on Breach Forums, a notorious platform for cybercrime and data breaches, stating that the data was not extracted directly from WooCommerce’s core infrastructure but rather from systems closely tied to websites using the platform.

Hacker Claim (Source: Cyber Security News)

This suggests that the breach likely exploited vulnerabilities in third-party integrations such as CRM or marketing automation tools.

Exposed Database Details

The stolen database contains an extensive array of information:

  • Customer Details: Over 4.4 million records with emails, phone numbers, physical addresses, and social media links.
  • Company Information: Metadata on corporate websites, including sales revenue, employee count, domain authority rankings, and technology stacks.
  • Unique Identifiers: 1.3 million unique email addresses and 998,000 unique phone numbers.

The sample data analyzed by Cyber Security News includes records from major organizations, highlighting the scale and potential impact of the breach.

Sample Data (Source: Cyber Security News)

This incident follows a pattern of similar claims by the same hacker, who recently alleged breaches involving Magento and Twilio’s SendGrid, although Twilio publicly denied the latter.

The WooCommerce breach, if verified, would represent one of the largest known exposures involving WordPress-based commerce platforms this year.

WooCommerce, developed by Automattic, powers over 36% of all online stores, making it the largest eCommerce platform in the world. Its popularity stems from its open-source nature, allowing for extensive customization and integration with various tools and services.

The platform’s growth has been consistent, with its market share increasing significantly since its acquisition by Automattic in 2015.

The breach raises serious concerns about the security of third-party integrations and the potential for data leaks through these channels. Businesses relying on WooCommerce and connected CRM or marketing tools are advised to review their integrations and check for unusual data access patterns.

A WooCommerce spokesperson told Cyber Security News, “We have confirmed that this data was not obtained in a breach of WooCommerce.com or any other Automattic service or site.”

“Based on our investigation, it appears the data is from a service that aggregates publicly accessible data about ecommerce stores and other websites in order to resell it. We are not sure how the data was obtained: whether it was legally downloaded through the service or via other means.”


Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.