Recently, the online e-commerce giant Shopify has encountered a security breach, and now, Shopify is working with the FBI and other law enforcement companies to examine the whole security breach that was produced by two of its rogue employees.
The two employees of Shopify are from the support team, who stole the customer data from at least 100 merchants. That’s why the authorities of Shopify have quickly terminated both the individuals’ that have access to the Shopify network and mentioned all the incidents to law enforcement.
However, until now, the company has boasted more than one million registered merchants in its most advanced quarterly filings. The authorities of Shopify affirmed that this incident was not the outcome of a technical vulnerability in their platform, and the vast majority of merchants who are utilizing Shopify are not affected.
Those whose stores were illegitimately accessed by the threat actors, they will all their customers’ data with them. Moreover, Shopify also asserted that it does not have any proof by which they can recommend that the data was used, but it had informed all the affected merchants about the incident.
According to the report of the FBI and Shopify, the two rogue employees may have taken customer data that includes the following PI:-
- Postal addresses
- Phone Numbers
Apart from this, they also stole sensitive personal and financial information like full payment card details, which was not accessed.
One merchant of Shopify has shared a copy of the email notification with TechCrunch, which stated that the company first became conscious regarding the data breach on September 15. That’s why in this merchant’s case, more than 1.3 million customer records; over 4,900 were accessed.
They also found that these two employees gathered data that was convenient using Shopify’s Orders API. API lets merchants process all its orders on account of their customers. Not only this, but the email also notes that the last four digits of the customers’ payment card were also taken in the conflict.
Shopify has kept very close contact with the affected merchants so that they can help them to navigate this whole issue and address any concerns regarding the conflict. But, Shopify claimed that they have zero tolerance for platform abuse and will take action to guard the whole community and the integrity of their products.
So, to accomplish the above statement, they are now constantly focusing on the investigation, and they will keep informing every information regarding this conflict to all its affected merchants.