A seller lost more than $55,000 in sales revenue due to a hacked Shopify account

According to businessinsider , clothing and jewelry seller Andi Rosenberg lost tens of thousands of dollars in sales revenue after her Hipchik online store account, which she created through Shopify, was hacked late last year.

( Hipchik official website)

From November 23, 2020, the store's sales revenue was transferred "unnoticed" to another unknown bank account.

But strangely, Rosenberg could see daily sales revenue in her Shopify account, but her bank account, which she checked only once a month, showed no income coming in. She didn't discover the problem until December 29 when Shopify staff contacted her because of "suspicious login activity detected" and asked her to confirm her bank account and identity information.

Shopify immediately froze Rosenberg’s account on December 30 and reimbursed her for all the revenue she earned since the freezing of her account on January 14, totaling $22,816. However, she still lost the $55,656 she should have earned from November 23 to December 29.

Rosenberg said she opened the Shopify online store in 2018 and achieved nearly $1 million in sales revenue in 2020 when the epidemic broke out. However , when her Shopify account was first hacked in November last year, she never received any notification that her bank information had been changed , which made her very puzzled.

Having failed to recover the tens of thousands of dollars he lost, Rosenberg has negotiated with Shopify's customer service and legal teams, and even tried to contact company executives through LinkedIn. A Shopify customer service representative said its legal team could not come up with an effective solution and suggested that Rosenberg seek private legal counsel, which would in turn make Rosenberg bear the cost of seeking legal advice.

In an interview with businessinsider regarding this incident, a Shopify spokesperson said: "Shopify takes the privacy and security of sellers very seriously and will strive to help sellers better manage their accounts by providing operational guides and suggestions. We recommend that all merchants enable two-factor authentication to prevent unauthorized access to merchant accounts."

( Guide to two-step authentication methods in the Shopify Seller Help Center)

However, Shopify did not explain why it took weeks to detect the suspicious login information and why it did not compensate her for her losses.

Judging from past cases such as the leakage of user information of Ledger, a cryptocurrency hardware wallet provider that has a partnership with Shopify , and Topdser, a dropshipping application, and the theft of seller information by Shopify’s internal employees, Shopify still has a long way to go in strengthening the security of user information.

The above cases also serve as a reminder to sellers that even if the platform has made a commitment to ensure information security, sellers themselves should not be careless. It is best to review and verify the payment accounts from time to time to avoid illegal hacker attacks and cause economic losses.

Shopify

Account Security