The app in duscission is Shopify dropshipping app called Topdser which is also the official partner dropshipping app of AliExpress.
A mainstream Shopify app was leaking sensitive data and as a result, thousands of customers were affected. The app exposed private data of Shopify customers, including credit card data and personal details.
The Origins of the Leak Unclear
VPNMentor researchers who identified the data aren’t 100% sure about the actual originating point of the data leak. However, as per the evidence they have found, Shopify dropshipping app Topdser caused the leak.
See: Shopify Suffered Data Breach Because of “Rogue” Employees
Topdser is quite similar to Oberlo app that connects Shopify websites with AliExpress and automates other business processes.
“In this case, we couldn’t conclude with 100% certainty that Topdser was responsible for the data leak, although there’s considerable evidence to suggest it was,” said vpnMentor’s blog post shared with Hackread.com
The links embedded in the data were directed to the website of Topdser as no other company can gain access or permissions required to create them.
Thousands of Shoppers Impacted
Researchers state that over 100,000 purchase data was compromised from more than 17,000 Shopify stores. Additionally, researchers revealed that the exposed data was around 13GB at the time of discovery, but on Shodan, the total size of data was 95+ GB.
Similarly, at the time of discovery, the researchers noted that the number of leaked records was 17.5 million; however, Shodan revealed that 23 million records were compromised in total. This means the data leak could ..
Support the originator by clicking the read the rest link below.
