
Rogue Shopify Staff Accessed Customer Records, Says Ecommerce Platform Investigating Security Breach

Graham CLULEY

September 23, 2020

  • Members of Shopify’s support team abused access to company network
  • Customer contact information and order details accessed
  • FBI and international law enforcement agencies are investigating

Shopify, the major ecommerce platform which powers many online stores, has revealed that it suffered a serious breach of security at the hands of two rogue employees.

According to a statement released by the firm, two unnamed members of Shopify’s support team abused their access to the company’s systems in order to access customer transaction details from approximately 200 merchants running online stores.

Customer data which may have been exposed includes:

  • Contact information (such as email address, name, and postal address)
  • Order details, including which products and services may have been purchased.

Thankfully, Shopify says that “complete payment card numbers or other sensitive personal or financial information were not part of this incident.”

That type of information would clearly have increased the severity of the breach, but that’s not to say that there’s no harm in the data which has been exposed.

After all, scammers could exploit contact information and purchase details to craft convincing phishing emails that might attempt to steal users’ passwords or payment information.

In addition, it’s clear that things could have been much worse in terms of scale as well. Shopify boasts of being used by more than one million businesses in 175 different countries, and is considered the third-largest online retailer in the United States after Amazon and eBay.

Ideally, no merchants would have been impacted by the breach at all – but fewer than 200 out of one million suggests that Shopify were able to take action before things escalated to a disastrous level.

Shopify says that upon discovering the breach it terminated the individuals’ network access and informed law enforcement agencies. It also says that it is contacting affected merchants to notify them of the incident.

Of course, the “insider threat” posed by malicious employees is one of the biggest potential threats that any company can face. Rogue staff are not the same as malicious remote hackers – they have been granted legitimate access to a network, given passwords, and have access to systems which may not arouse suspicion unless there is out-of-the-norm behaviour which rings alarm bells.

In its statement Shopify reassured merchants and their customers that it treats security as a priority:

“Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns. We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.”

“To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.”
