Data breach claimed by hacker "Satanic" targeting WooCommerce users, sells data of 4.4M users
Take action: If you are running a WooCommerce store, make sure to check all third-party integrations and look for any unusual data access activity. Your data may have been stolen.
A hacker using the alias "Satanic" has claimed responsibility for a data breach affecting over 4.4 million users and clients of websites using the WooCommerce platform. According to reports, the breach occurred on April 6, 2025, and was announced on Breach Forums shortly after the same threat actor claimed responsibility for a separate Magento breach.
The incident appears to have exploited vulnerabilities in third-party integrations rather than WooCommerce's core infrastructure. The hacker likely targeted systems such as CRM or marketing automation tools that connect to websites using the popular eCommerce platform. The stolen data allegedly includes:
- 4,432,120 individual records
- 1.3 million unique email addresses
- 998,000 phone numbers
- Personal information including physical addresses and social media links
- Business data such as sales revenue, employee counts, domain authority rankings
- Technical information on corporate websites including technology stacks and payment solutions
A 1,000-line sample shared by the hacker reveals data from several notable organizations, including:
- National Institute of Standards and Technology (NIST)
- Texas.gov - the official portal for the State of Texas
- NVIDIA Corporation
- New York City Department of Education
- University of Oklahoma
- Oxford University Press
Each record in the database appears to contain detailed marketing information, including estimated revenue, number of SKUs, marketing platforms in use (such as ActiveCampaign and HubSpot), hosting providers, and links to company social media accounts. Many entries show references to WordPress CMS with WooCommerce listed as the eCommerce plugin, while others highlight integrations with Salesforce, Pardot, and payment platforms like PayPal and Stripe.
The hacker is currently offering the database for sale via direct messages or Telegram, stating they are "taking offers only" without listing a specific price.
If verified, this would represent one of the largest known exposures involving WordPress-based commerce platforms this year. At the time of publishing, WooCommerce has not issued any public statement regarding the claim.
WooCommerce, developed by Automattic, powers over 36% of all online stores globally. Businesses using WooCommerce and connected services are advised to review their third-party integrations and monitor for unusual data access patterns.