Shopify partner app leaked user privacy, nearly 17,000 sellers affected


Recently, Shopify's partner application Topdser was reported to be leaking customers' private data, including users' credit card data and personal details, affecting thousands of shoppers.

 

It is reported that the root cause of the data leak cannot be determined with 100% certainty, but there is considerable evidence that Topdser is the cause of the information leak. The links embedded in the data point to Topdser's website, and other companies do not have permission to access or create these links.

 

Topdser is a partner application of Shopify that lets Shopify sellers import products from AliExpress and 1688 and publish them to Shopify stores with one click, reducing costs while achieving 3 times the shipping speed. It also offers automated bulk ordering: Shopify sellers can use AliExpress's official interface to place up to 300 orders within seconds, without waiting between orders.


(Topdser's display page in the Shopify App Store)

 

Nearly 17,000 Shopify sellers affected

 

Researchers pointed out that data on 100,000 purchases from more than 17,000 Shopify stores was leaked, with the total amount of exposed data reaching 13 GB, while the total amount of data on the Shodan search engine was just over 95 GB.

 

Meanwhile, researchers noted that the breach numbered 17.5 million records when it was first discovered, but Shodan revealed a total of 23 million records were exposed, meaning the data breach could have affected around 80,000 to 100,000 consumers.

 

Screenshots shared by VPNMentor show that the leaked data includes order details, credit card and PII (personally identifiable information) data.



According to the hackread website, VPNMentor discovered the Shopify data leak as early as November 21, 2020, and immediately notified Shopify, but Shopify did not take responsibility for the matter.

 

Topdser was also alerted to the same issue and VPNMentor advised it to close the vulnerability and take steps to protect the exposed data.

 

The database in question was closed on November 24, 2020, but neither company responded or issued an official statement on the matter. Data leaks may pose risks of theft or fraud.

 

Shopify data breaches happen from time to time

 

Not long ago, a Shopify security vulnerability was also reported to have leaked user information of cryptocurrency hardware wallet provider Ledger, which is expected to put 20,000 Ledger customers at risk.



Due to the leakage of users' full names, home addresses and emails, some users have been phished by criminals, and some have even reported blackmail cases involving death threats.

 

In addition, on September 22, 2020, it was revealed that two Shopify employees had stolen transaction records of approximately 200 merchants, but the employees involved had leaked the data in April and June last year, including information of Ledger customers.

 

It is reported that Shopify is cooperating with the FBI and other international law enforcement agencies to investigate the incident. Ledger has also reported the Shopify incident to the French data protection agency and promptly informed users of the progress of the incident involving privacy leaks.

 

It seems that Shopify will have to pay more attention to protecting user privacy and strengthening network security in the future to prevent such incidents from happening again.
