Shopify refutes data breach, says third-party is to blame
Shopify, a Canadian e-commerce platform for online stores, denies that it suffered a data breach. Instead, it blames a third-party for the loss on consumer data.
Earlier this month, a hacker with the moniker ‘888’ published a message on BreachForums, a popular forum for hackers on the dark web.
The threat actor claimed he had stolen 179,873 rows of personal details of Shopify customers, including names, email addresses, phone numbers, Shopify IDs, order histories, email subscription dates and SMS subscription dates.
Initially, Shopify didn’t respond to the claims of the threat actor.
Last weekend, a spokesperson of the fintech company told BleepingComputer that a security incident had occurred. However, the company wasn’t to blame for this.
“Shopify systems have not experienced a security incident. The data loss reported was caused by a third-party app. The app developer intends to notify affected customers,” he said.
Shopify didn’t respond to further questions regarding the app the customer data was stolen from. The company also couldn’t confirm what data was taken.
Shopify is a Ottawa-based fintech company that offers an e-commerce platform to businesses and point-of-sale (POS) systems. It hosts over 4.6 million online stores across 175 countries. Last year the company reached a total revenue of 7.1 billion dollars.
‘888’ is a high-ranked threat actor on BreachForums that has earned him the title of ‘Kingpin’. He’s linked to data breaches at Credit Suisse, Shell, Heineken and UNICEF.
Your email address will not be published. Required fields are marked