Incident Update

Highlighted
Shopify Staff
Shopify Staff
10 0 5

Recently, Shopify became aware of an incident involving the data of less than 200 merchants. We immediately launched an investigation to identify the issue--and impact--so we could take action and notify the affected merchants.

Our investigation determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants. We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.

This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected. However, those whose stores were illegitimately accessed may have had customer data exposed. This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased. Complete payment card numbers or other sensitive personal or financial information were not part of this incident.

Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns. We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.

To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.

New Member
1 0 1

What merchants are affected? Will you notify your merchants that are affected? 

Highlighted
New Member
1 0 2

The first paragraph makes it seem like so.

It's a great time to look at GDPR Art. 33 & 34 and Recital 87:

https://gdpr-info.eu/art-33-gdpr/
https://gdpr-info.eu/art-34-gdpr/
https://gdpr-info.eu/recitals/no-87/

 

Highlighted
Shopify Staff
Shopify Staff
10 0 5

@lireille wrote:

What merchants are affected? Will you notify your merchants that are affected? 


Hi @lireille

All affected merchants have been contacted.

Highlighted
Shopify Partner
1 0 0

I have a client using Shopify and her store was hacked two nights in a row (Monday and Tuesday night). Is this related or was data compromised in some other way? 

0 Likes
Highlighted
Shopify Staff
Shopify Staff
10 0 5

@ElizabethAragao wrote:

I have a client using Shopify and her store was hacked two nights in a row (Monday and Tuesday night). Is this related or was data compromised in some other way? 


Hi @ElizabethAragao

All impacted merchants have been contacted. If your client did not receive an email their store(s) were not impacted by this incident. 

If they have concerns about their store however please have them contact Shopify Support. Thanks.

0 Likes
Highlighted
New Member
1 0 0

Sounds like someone is getting their lookalike audiences and email lists ready for holidays...  

0 Likes
Highlighted
New Member
2 0 1

how are we going to know how many merchants were involved And how am I going to know that they affect me

0 Likes
Highlighted
New Member
2 0 0

What’s the country of the stores that were affected?

0 Likes
Highlighted
Shopify Staff
Shopify Staff
10 0 5

@12munchi wrote:

how are we going to know how many merchants were involved And how am I going to know that they affect me


Hi @12munchi

Less than 200 merchants were affected, and all affected merchants have been contacted.