FROM CACHE - en_header
Promotion image

Shopify allows hijackers to claim subdomains

Shopify allows hijackers to claim subdomains

Snodgers
Shopify Partner
25 1 19
‎01-17-2024 05:13 PM

I'm writing this up as a warning to anyone with a Shopify account.

 

Let's say that you have a shop: products.com. You also have two CNAMEs: www.products.com  and shop.products.com.

 

The CNAMEs point to products.com, which points to Shopify.

 

In your Shopify account, you link shop.products.com, www.products.com  and products.com.

 

Later, you decide to create new.products.com as a CNAME. You point it at your primary domain, which is very common. You have some plans for the future but don't start working with it right away. That's fine. Right?

 

Wrong.

 

Shopify currently allows anyone with a Shopify account to take over the subdomain without verification. For you to reclaim it, you will need to verify though!

 

People will typically connect their domains right away but Shopify should not allow users to claim a subdomain without any verification.

 

Labels:
402 Views
2 Likes
Report
Replies 0 (0)

Community Blog Articles

VS-skills-2025-opt3.png
How to drive more onsite engagement with promotions, loyalty, and recommend...

Discover how to increase customer engagement on your store with articles from Shopify A...

By Jacqui Apr 23, 2025
JasonH_0-1743081651612.jpeg
Members of March '25

Hey Community 👋 Did you know that March 15th is National Everything You Think Is W...

By JasonH Apr 1, 2025
427225466-7b141305-de27-48eb-8d38-643ba2ed8c3f.jpg
The power of automation: New Shopify Flow fundamentals learning path

Discover how to increase the efficiency of commerce operations with Shopify Academy's l...

By Jacqui Mar 26, 2025
Terms of Service Privacy Policy