Shopify denies that it was hacked

 

Shopify denies it was hacked, links stolen data to third-party app

By 

Lawrence Abrams

 

• July 7, 2024
 
• 10:09 AM
 
• 0

E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network.

"Shopify systems have not experienced a security incident," Shopify told BleepingComputer.

"The data loss reported was caused by a third-party app. The app developer intends to notify affected customers."

Latest StoriesRoblox vendor data breachexposes dev conference attendee info

This statement comes after a threat actor known as '888'  began selling data earlier this week that they claim was stolen from Shopify in 2024.

Selling alleged Shopify data on a hacking forum
Source: BleepingComputer

The threat actor shared data samples that include a person's Shopify ID, first name, last name, email, mobile number, order count, total spent, email subscription, email subscription date, SMS subscription, and SMS subscription date.

Shopify did not respond to further requests for more information about the app from which this customer's data was stolen.

The threat actor, 888, has previously sold or leaked data allegedly linked to Credit Suisse, Shell, Heineken, Accenture India, and Unicef.

In 2020, Shopify disclosed that two "rogue members" of its support team accessed the customer transactional records of about two hundred merchants.

Related Articles:

Roblox vendor data breach exposes dev conference attendee info

Neiman Marcus confirms data breach after Snowflake account hack

Advance Auto Parts confirms data breach exposed employee information

AMD investigates breach after data for sale on hacking forum

ShinyHunters claims Santander breach, selling data for 30M customers

• APPS
 
• CYBERSECURITY
 
• DATA BREACH
 
• HACKING FORUM
 
• SHOPIFY
 
• THIRD-PARTY DATA BREACH
•