Malware
Shopify Debunks Hacking Claims, Exposes Stolen Data Connection to Third-Party App
Shopify has denied being hacked after suspicious emails were sent to customers, blaming a third-party app for the data breach. The firm’s investigation revealed that the app had accessed and stolen data from Shopify’s API, but the incident was not a security breach of the platform itself.
Shopify, the popular e-commerce platform, has recently denied experiencing a data breach after a threat actor started selling customer data that they claimed to have stolen from Shopify’s network. But, don’t worry, it’s not as bad as it seems.
What Shopify had to say
According to Shopify, the company’s systems have not suffered a security incident. They told us, “The data loss reported was caused by a third-party app. The app developer intends to notify affected customers.“
This statement comes after a threat actor, known as ‘888’, began selling data they claimed was stolen from Shopify back in 2024.
Source: IT Services
What’s in the data?
The threat actor shared data samples that include a person’s Shopify ID, first name, last name, email, mobile number, order count, total spent, email subscription, email subscription date, SMS subscription, and SMS subscription date. While this information is significant, it’s important to remember that Shopify itself wasn’t directly breached.
Unfortunately, Shopify did not provide any further information about the app from which this customer’s data was stolen.
A history of data leaks
The threat actor, 888, has been linked to previous data sales or leaks allegedly involving companies like Credit Suisse, Shell, Heineken, Accenture India, and Unicef.
It’s also worth noting that in 2020, Shopify disclosed that two “rogue members” of its support team accessed customer transactional records of about 200 merchants. While this is concerning, it’s essential to recognize the proactive steps the company has taken to address security issues.
Stay informed and protect your data
While this particular incident doesn’t seem to be a direct breach of Shopify’s systems, it’s still a reminder to stay vigilant when it comes to our data. Make sure to stay informed about potential threats and take the necessary steps to protect your personal information.
If you’re interested in learning more about cybersecurity and how to keep your data safe, don’t hesitate to contact us and keep coming back for more valuable information.