"Rogue" Shopify Employees Access Customer Data
Two rogue Shopify support team have been caught accessing customer transaction details and other data from around 200 online merchants.
Thankfully, the data stolen 'only' included contact information such as email addresses, names and physical addresses, as well as order details pertaining to products and services purchased.
"Complete payment card numbers or other sensitive personal or financial information were not part of this incident," said Shopify via a statement, adding that they "do not have evidence of the data being utilized".
Shopify immediately terminated the employees' access to their network and are working with the FBI and other international agencies as part of the investigation into the incident.
The affected merchants have been notified and Shopify is working with them to address the issue and any of their concerns.
+ + +
Thanks for visiting SecAlerts and reading this story. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.