Subj : Shopify points to third-party app for data breach
To   : All
From : TechnologyDaily
Date : Mon Jul 08 2024 14:00:06

Shopify points to third-party app for data breach

Date:
Mon, 08 Jul 2024 12:53:51 +0000

Description:
A hacker is selling sensitive data, claiming it came from Shopify, but the 
company disagrees.

FULL STORY
======================================================================

A hacker recently advertised selling a database allegedly stolen from the 
e-commerce giant Shopify. However, the company says the archives did not come 
from its systems, but rather a third party. 

Last week, a threat actor with the alias 888 took to BreachForums to try and 
sell a database containing roughly 180,000 rows of user information. 

This information apparently contains peoples Shopify IDs, full names, email 
addresses, mobile phones, orders counts, total money spent, email 
subscriptions, email subscription dates, SMS subscriptions, and SMS 
subscription dates. Phishing material 

The breach was said to have taken place on July 4, 2024. Soon after the news 
broke, Shopify released a statement to a few media outlets, denying it had 
been breached, and claiming the information was obtained elsewhere. 

"Shopify systems have not experienced a security incident," Shopify told 
BleepingComputer . "The data loss reported was caused by a third-party app. 
The app developer intends to notify affected customers." 

On BreachForums, the hacker released a small sample of the stolen data, as 
proof of its legitimacy. They are selling the archive as a one-time sale, 
meaning multiple purchases were not possible. Interested parties were told to 
reach out to 888 via DMs and offer a sum in Monero (XMR). 

Monero is a cryptocurrency popular among cybercriminals due to its enhanced 
privacy and anonymity features. 

The hacker has a long track record of successful leaks, multiple media 
outlets have confirmed. Just this year, 888 leaked sensitive data from Credit 
Suisse, Assurified, Heineken, and Accenture. 

We will know more details once the third-party app steps forward and notifies 
its customers. In the meantime, all Shopify users would be wise to pay extra 
attention to incoming emails, and be wary of potential phishing or identity 
theft attacks. 

Shopifys last data breach was roughly four years ago. More from TechRadar Pro 
Shopify data breach hits Kylie Jenner make-up firm Here's a list of the best 
firewalls around today These are the best endpoint security tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/shopify-points-to-third-party-app-for-d
ata-breach


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.