Rogue Shopify staff accessed customer records, says ecommerce platform investigating security breach

Rogue Shopify staff accessed customer records, says ecommerce platform investigating security breach
Members of Shopify’s support team abused access to company network
Customer contact information and order details accessed
FBI and international law enforcement agencies are investigating

Shopify, the major ecommerce platform which powers many online stores, has revealed that it suffered a serious breach of security at the hands of two rogue employees.


According to a statement released by the firm, two unnamed members of Shopify’s support team abused their access to the company’s systems in order to access customer transaction details from approximately 200 merchants running online stores.


Customer data which may have been exposed includes:


Contact information (such as email address, name, and postal address)
Order details, including which products and services may have been purchased.

Thankfully, Shopify says that “complete payment card numbers or other sensitive personal or financial information were not part of this incident.”


That type of information would clearly have increased the severity of the breach, but that’s not to say that there’s no harm in the data which has been exposed.


After all, scammers could exploit contact information and purchase details to craft convincing phishing emails that might attempt to steal users’ passwords or payment information.


In addition, it’s clear that things could have been much worse in terms of scale as well. Shopify boasts of being used by more than one million businesses in 175 different countries, and is considered the third-largest online retailer in the United States after Amazon and eBay.


Ideally no merchants being impacted by the breach would have been the best result of all – but fewer than 200 out of one million suggests that Shopify were able to take action before things escala ..

Support the originator by clicking the read the rest link below.