Shopify Discloses Security Incident Involving Some Merchants’ Data
The State of Security
Canadian multinational e-commerce company Shopify disclosed a security incident that involved the information of some of its merchants.
On September 22, Shopify published an incident update on its website. This bulletin explained that “two rogue members” of the company’s support team had attempted to obtain the customer transaction records of fewer than 200 merchants by exploiting a technical vulnerability in its platform.
An investigation into what happened revealed that the incident had not affected most of Shopify’s merchants but had exposed customer data for some of the affected stores.
That data included customers’ contact information including their names, email addresses and physical addresses along with their order details. It did not include payment card details or other sensitive data.