A significant data breach affecting websites that rely on the popular eCommerce platform, WooCommerce, has been reportedly claimed by a hacker known as ‘Satanic’. The attack, allegedly carried out on 6 April 2025, has resulted in the compromise of more than 4.4 million customer records containing personal and corporate data.
The stolen information includes a range of sensitive data such as email addresses, phone numbers, physical addresses, and social media profiles. Additionally, details about company revenues, staff sizes, and tech stacks were also included in the compromised data. This breach is believed to have occurred through vulnerabilities in third-party tools integrated with WooCommerce sites, rather than directly breaching WooCommerce’s own infrastructure.
The hacker, who made the announcement on Breach Forums, a notorious hub for cybercrime activity, has indicated that the stolen data is now being offered for sale via private messages or Telegram, with no fixed price. Cyber Security News has confirmed the existence of samples from the exposed data, which includes entries from major organizations. If the breach is confirmed, it would signify one of the largest data exposures linked to a WordPress-based commerce platform in 2025.
This incident follows previous breach claims made by the same hacker involving other platforms like Magento and Twilio’s SendGrid. It’s important to note that the alleged breach involving Twilio’s SendGrid was denied by the company.
WooCommerce, which is owned by Automattic, powers a significant portion of online shops globally, contributing to its widespread use and integration flexibility. However, this breach serves as a warning sign of the growing security risks associated with third-party connections. As of now, WooCommerce has not issued a statement regarding the breach. Businesses that use the platform are advised to conduct audits of their integrations and stay vigilant for any signs of suspicious activity.
This breach underscores the importance of cybersecurity measures for businesses operating online, especially those that rely on eCommerce platforms like WooCommerce. It serves as a reminder of the potential vulnerabilities that can be exploited by malicious actors in the digital landscape. As the investigation into this breach continues, it is crucial for businesses to prioritize data security and implement robust measures to protect their customers’ information.