Shopify Disclose Security Breach By Two Of Its Employees

  •  
  •  
  •  
  • 2
  •  
  •  
  •  
    2
    Shares

The e-commerce giant Shopify has now fallen prey to an insider issue. Specifically, Shopify has disclosed a security breach caused by two employees that affected some of its merchants.

Shopify Security Breach

In a recent notice, Shopify has disclosed the details of a security breach that occurred from their staff. According to the details, two of its employees accessed merchants’ transaction records. Both rogue members belonged to the support team.

The incident did not have a huge impact and affected less than 200 merchants. However, in the case of those affected, a breach of data has potentially happened.

As stated in the notice,

Those whose stores were illegitimately accessed may have had customer data exposed. This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased.

Yet, the breached data does not include payment card numbers or sensitive financial information.

Also, they have confirmed the incident as purely caused by human intervention and not due to any technical flaws.

What Next?

Upon discovering the incident, Shopify has started investigations and involved LEAs in the matter.

We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts.

Besides, they have also informed that affected merchants and are communicating with them to address any concerns.

In the previous month, a similar incident happened at the grocery vendor Instacart. Two employees belonging to a contracted support vendor had accessed shopper profiles outside the scope of their jobs as support agents.

While the investigations revealed no download or misuse of accessed data, the company did take action to prevent such incidents from happening again. They suspended the contract with the firm and strengthened the security at their end.

The following two tabs change content below.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!