Shopify denies it was hacked, links stolen data to third-party app
E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network.
"Shopify systems have not experienced a security incident," Shopify told BleepingComputer.
"The data loss reported was caused by a third-party app. The app developer intends to notify affected customers."
This statement comes after a threat actor known as '888' began selling data earlier this week that they claim was stolen from Shopify in 2024.
The threat actor shared data samples that include a person's Shopify ID, first name, last name, email, mobile number, order count, total spent, email subscription, email subscription date, SMS subscription, and SMS subscription date.
Shopify did not respond to further requests for more information about the app from which this customer's data was stolen.
The threat actor, 888, has previously sold or leaked data allegedly linked to Credit Suisse, Shell, Heineken, Accenture India, and Unicef.
In 2020, Shopify disclosed that two "rogue members" of its support team accessed the customer transactional records of about two hundred merchants.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
November 23, 2024Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
November 23, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024