Almost 180,000 Shopify customer records appeared on a well-known hacker forum, but the e-commerce provider denies any responsibility for the security breach.
The company emphasized in a statement to BleepingComputer: “The Shopify systems were not affected by a security incident.” Instead, the data loss was caused by a third-party app. The company did not reveal which application was involved.
According to Shopify, the app developer plans to inform the affected customers. The company did not wish to provide further details on the number of customers affected. On July 3, 2024, a hacker under the pseudonym “888” published the data on a clear web forum. According to the cybercriminal, the data set is said to contain 173,873 user data records.
The leaked information on Breachforums includes, among other things: Shopify ID, name, email, mobile number and purchase history. The hacker offered the data for one-time sale and invited interested parties to make offers in the cryptocurrency Monero. The player “888” is no stranger to the scene. In 2024 alone, he published several alleged data leaks, including from Credit Suisse, Assurified, Heineken and Accenture, although only three email addresses were confirmed out of 32,000 employees allegedly affected by the latter.
Shopify is a Canadian-based multinational company that offers its own e-commerce platform along with integrations that allow individuals, retailers and other businesses to set up their own online stores or point-of-sale websites.