In a recent development in the world of cybersecurity, a hacker going by the alias “Satanic” has claimed responsibility for a data breach involving WooCommerce, a popular eCommerce platform used by many online businesses. This breach, which allegedly occurred on April 6, 2025, is said to have compromised the data of over 4.4 million users and clients. The hacker claims to have obtained detailed personal and business information from various organizations, including major entities like NVIDIA, Texas.gov, and the National Institute of Standards and Technology (NIST).
The breach is believed to have occurred not directly within the WooCommerce infrastructure but through systems connected to websites using the platform, possibly through third-party integrations like CRM or marketing automation tools. The compromised data includes a wide range of information, such as emails, phone numbers, physical addresses, social media links, sales revenue, employee count, domain authority rankings, and platform usage.
The hacker has shared a sample of the data, revealing over 4.4 million individual records, 1.3 million unique email addresses, and metadata on corporate websites, including details on technology stacks and payment solutions. The sample also includes data from prominent organizations like NIST, texas.gov, NVIDIA Corporation, the New York City Department of Education, the University of Oklahoma, and Oxford University Press, among others. Each record in the sample provides comprehensive information typically found in marketing databases, including revenue estimates, SKU numbers, marketing platforms in use, hosting providers, and social media links.
Connections to WordPress CMS, with WooCommerce as the eCommerce plugin, as well as integrations with platforms like Salesforce, Pardot, and payment processors like PayPal and Stripe, suggest a broader data source beyond just WooCommerce itself. The hacker is reportedly offering the database for sale through direct messages or Telegram, inviting offers without specifying a fixed price.
This incident follows previous claims by the same hacker regarding breaches involving Magento, Tracelo, and Twilio’s SendGrid. If confirmed, the WooCommerce breach would be one of the most significant exposures involving WordPress-based eCommerce platforms this year. The compromised data’s combination of personal and business information makes it valuable for threat actors engaging in activities like phishing, social engineering, and competitive intelligence scraping.
As of now, WooCommerce has not made any public statements regarding the alleged breach. Businesses using WooCommerce and connected CRM or marketing tools are advised to review their third-party integrations and monitor for any unusual data access activities. The situation is still developing, and further updates may follow as more information becomes available.