Was Shopify really hacked? Discover the link between the stolen data and a third-party application!

Show summary Hide summary


  • Shopify was it really hacked?
  • Discover the link between stolen data and a third-party application !

In the twists and turns of the digital web, a question persists: has Shopify really been hacked? Does the stolen data originate in a third-party application? Let’s dive into the heart of this cybernetic intrigue to unravel its mysteries.

Was Shopify really hacked?

The recent controversy surrounding the Shopify e-commerce platform has raised many questions about the security of its users’ data. A malicious actor, known as ‘888’, has started selling customer data it claims to have stolen from the Shopify network. However, Shopify has strongly denied suffering a data breach.

“Shopify’s systems have not experienced any security incidents,” the company told BleepingComputer. Instead, they attributed the data loss to a third-party app, whose developer intends to notify affected customers.

To read Shopify (NYSE:SHOP): How did it outperform other e-commerce software players in Q1?

Compromised data: what is it really?

The threat actor ‘888’ shared data samples that include sensitive information like a person’s Shopify ID, first name, last name, email address, mobile phone number, number of orders, total spent, and email and SMS subscriptions. This data was put up for sale on a hacking forum, raising concerns about the integrity of Shopify users’ data.

A history of security breaches

This isn’t the first time Shopify has been in the spotlight for security incidents. In 2020, the company revealed that two of its support team members had illegitimately accessed the customer transactional records of some two hundred merchants. This revelation had already cast a shadow over the platform’s reputation regarding data security.

The importance of third-party app security

The current uprising highlights a recurring problem in the field of cybersecurity: the trust placed in third-party applications. When third-party applications access data residing on platforms like Shopify, they become potential targets for bad actors. It is therefore crucial for developers and users to understand the associated risks and take precautionary measures.

Point of Controversy Details
Hacking claimed Malicious actor ‘888’ claims to sell stolen data from Shopify.
Shopify response Shopify denies any breach of its security systems.
Source of stolen data Stolen data attributed to a third-party application.
Compromised data Shopify ID, name, email, phone, order history, subscriptions.
History of vulnerabilities Previous incidents in 2020 with support team members.

Some precautions to take

  • Use reputable third-party applications and regularly check the permissions granted.
  • Change passwords frequently and use multi-factor authentication.
  • Monitor suspicious transactions and security notifications.
  • Notify Shopify or any other vendor immediately if you are concerned about a data compromise.

Share your opinion