Hackers Reportedly Breach Magento through Third-Party, Exposing CRM Data of 700,000 Users

A hacker known by the alias “Satanic” is claiming to have breached Magento through a third-party integration, compromising CRM data of over 700,000 users. This leak contains sensitive information such as email addresses, phone numbers, and company details from prominent organizations.

The cybercriminal identified as “Satanic” has claimed responsibility for a significant data breach involving Magento, the widely used open-source e-commerce platform that supports numerous businesses around the world. The alleged breach took place on April 9, 2025, and was reportedly carried out through a third-party integration. It resulted in the theft of a substantial dataset that includes detailed personal and business contact information.

The validity of this breach has yet to be confirmed by Adobe, the parent company of Magento. According to the hacker, the breach includes 745,000 unique records, comprising 430,000 distinct email addresses and 261,000 phone numbers. This entire dataset has surfaced on Breach Forums, a well-known platform associated with cybercrime and data leaks.

A snapshot from Satanic’s post on Breach Forums claiming the Magento data breach (Screenshot credit: Hackread.com)

From BBC to Chicago Tribune

According to an analysis by Hackread.com, the data appears to originate from a customer relationship management (CRM) system tied to Magento implementations. It encompasses names, job titles, corporate email addresses, company domains, phone numbers, and social media links, representing a diverse range of organizations from the BBC to the Chicago Tribune, among others.

Part of the leaked information includes a file labeled “MagentoCRM” containing organized entries that detail individual records. For instance, one record linked to the BBC provides comprehensive contact details for a director, along with links to the organization’s social profiles and metadata concerning business sectors, technology use, and online storefronts.

The released files exhibit structured CRM-style data rather than raw passwords or payment information, yet the nature of the leak poses significant risks. The stolen information may be exploited for phishing attacks, B2B impersonation scams, or profiling of high-value individuals. Additionally, numerous records seem to include verified LinkedIn accounts, corporate email aliases, and customer service contact information.

The database further contains technical metadata that could assist potential attackers in gathering insights regarding each company’s technological framework, marketing tools, and payment processing platforms. Notably, one entry refers to Magento alongside Salesforce, Adobe Experience Manager, and Stripe, suggesting that the compromised data may have been obtained through a technology intelligence platform or CRM enhancement tool integrated into Magento workflows.

The data appears authentic and not fabricated. The claim follows closely after Satanic garnered attention last week for claiming access to what they termed the complete database of Twilio’s SendGrid email platform, a claim disputed by Twilio, though the hacker continues to uphold their assertion in various cybercrime forums.

In September 2024, the same actor was involved in the Tracelo breach, which saw information from 1.4 million users of a geolocation tracking service leaked online. Beyond these incidents, Satanic is recognized for sharing logs from infostealing malware via Telegram channels, which typically serve as conduits for cybercriminals to disseminate compromised login credentials and digital fingerprints.

Hackread.com has reached out to Adobe for further comment. In the meantime, businesses using Magento, especially those that link it to CRM tools, are advised to review their integrations, watch for unusual activity, and evaluate data access policies across connected services.

This incident highlights the increasing vulnerability of third-party supply chain elements that affect digital commerce platforms. The primary risk does not reside within the core platform itself, but rather in the external data integrations that funnel sensitive information into it.

