Hacker claims WooCommerce breach and 4.4 million exposed records
A hacker known as “Satanic” has reappeared, now claiming to have breached the widely-used e-commerce platform WooCommerce. According to the hacker, the breach exposed 4.4 million customer records, which are now allegedly being sold on the dark web.
If the claims are accurate, the breach could have major consequences for both online merchants and their customers.
The hacker’s claim
“Satanic” posted on a well-known cybercrime forum, offering what they describe as a stolen database from WooCommerce. The data reportedly includes millions of records with names, email addresses, phone numbers, physical addresses, and limited billing information.
The post includes screenshots of what appear to be backend database tables containing merchant-related data. However, none of this has been independently verified. As of now, WooCommerce and its parent company Automattic have not made any official statement regarding the incident.
The hacker claims that the data was taken from WooCommerce’s internal systems, not from individual WordPress-based stores.
What data is allegedly included?
According to the post, the database contains:
-
Full names
-
Email addresses
-
Phone numbers
-
Physical addresses
-
Store-related metadata
-
Partial billing details
While the leak does not appear to include full payment information, the exposed personal data could still be used for phishing, scams or social engineering attacks. Learn more about how phishing works and how to spot it. Explore how social engineering manipulates human behavior to exploit vulnerabilities.
Who could be affected?
WooCommerce is used by more than five million online stores globally. If the breach involves platform-level data, it could potentially affect a large number of merchants, even if individual stores weren’t directly targeted.
Merchants could face reputational damage, while customers might experience an increase in phishing emails or fraud attempts if their contact details have been exposed.
What store owners should do now
Although the breach has not been confirmed, store owners should still take precautionary steps to secure their accounts and data.
Here’s what we recommend:
-
Change your passwords on both WooCommerce and WordPress
-
Enable two-factor authentication (2FA) for all users with access
-
Review access logs for suspicious or unfamiliar login attempts
-
Communicate with customers if you suspect any data may have been compromised
-
Be alert for phishing attempts using realistic sender names and leaked details
A growing trend
This incident highlights a broader trend in cybercrime. Instead of going after individual websites, threat actors increasingly target platforms that support large networks of businesses. The payoff is bigger, and the damage more widespread.
At the same time, marketplaces for stolen data remain active, with criminals eager to purchase and exploit large datasets for financial gain.
Final thoughts
Whether this breach is real or not, the threat alone is a reminder of how important it is to stay one step ahead when it comes to cybersecurity. For WooCommerce merchants and users alike, now is the time to double-check your setup and tighten your security.
At Moxso, we help businesses protect their people and their data by making cybersecurity simple and proactive. Staying informed and ready can make all the difference.
Sarah Krarup
Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.
View all posts by Sarah Krarup
