Hundreds of Shopify merchants’ data leaked: California man sued

California resident Tassilo Heinrich was arrested by the FBI in February and was recently indicted by a grand jury for his alleged involvement in the Shopify data breach a few months ago .

Heinrich, who faces charges of aggravated identity theft and conspiracy to commit wire fraud , worked with two Shopify customer support employees to steal merchant and customer data.

According to the indictment, Heinrich bribed an employee of a third-party customer support company in the Philippines with thousands of dollars worth of cryptocurrency to access Shopify's internal network and take screenshots of the data or upload it to Google Drive.

The leaked data includes merchant and customer names, billing and shipping addresses, email addresses, payment methods, and even details of purchased items, affecting nearly 200 merchants .

One merchant who received a data breach notification from Shopify said the last four digits of affected customers’ payment cards were also compromised , which the indictment confirms.

The data was used to build fake pages that looked like the original pages, or to sell the data to other unknown conspirators to help them commit fraud against merchants and customers .

Over the course of at least a year, Heinrich harvested more and more data from Shopify’s internal network, at one point asking if he could “remotely access” the computers of customer support employees while they slept.

It is understood that Heinrich has refused to plead guilty and is currently awaiting trial, which will begin on September 7.

Shopify spokesperson Rebecca Feigelsohn said in a brief statement: "Shopify has cooperated with the FBI's investigation into an incident involving the data of a small number of our merchants in September 2020. As previously reported, the individual involved is no longer working with Shopify. The criminal investigation is active and ongoing, and we cannot provide further comment at this time."

In today's big data era, data leaks are not uncommon. In addition to being hacked , security vulnerabilities or internal threats can also lead to data leaks . Recently, the editor also saw Amazon sellers discussing whether to change the backend password and email password after leaving the operation. Data leaks occur frequently, and sellers should also pay more attention to information security issues.

Shopify

Data breach

Seller