Shopify are the latest big ecommerce name to have a security breach. Following eBay (rogue security staff) and Amazon (bribing employees), Shopify have discovered that two rogue members of their support team were engaged in a scheme to obtain Shopify transaction data of certain merchants.
Less than 200 merchants were effected and Shopify immediately launched an investigation to identify the issue and impact so they could take action and notify the affected merchants. Naturally they terminated these rogue support team members’ access to the Shopify network and referred the incident to law enforcement.
“We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.”
With over a million merchants using their platform, this is in reality a tiny security breach, although nonetheless concerning for those who’s Shopify transaction data was compromised. This incident was not the result of a technical vulnerability on Shopify and the vast majority of merchants using Shopify are not affected. If you’ve not heard anything from Shopify then it’s likely you are one of the almost 1 million merchants who were unaffected
The stolen Shopify transaction data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased. Complete payment card numbers or other sensitive personal or financial information were not part of this incident. It looks very much like targeted data to inform give a competitive advantage to the recipients of the data.
“Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns. We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.
To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.”