Hi Shopify Community,
I'm experiencing a concerning issue with my store following the recent outage. I've noticed in my Shopify reports that old (up to five years) shopifypreview.com links to old theme backups (and a new theme I am working on) are now being crawled daily with no referrer.
The links look like this: https://[example-random-string]-22887413.shopifypreview.com/?cb=[another-random-string]
These are internal preview links that should not be publicly accessible. This activity began immediately after the recent outage.
More worryingly, I'm now seeing referrals to these shopifypreview.com links coming from Facebook with fbclid parameters, indicating that these internal links are now being shared or accessed via social media.
Here’s how they are appearing in my reports with FB as the referrer:
http://[random-alphanumeric-string]-22887413.shopifypreview.com/?fbclid=[long-random-alphanumeric-string]&_aem=[another-random-alphanumeric-string]
I have contacted Shopify Support and have been advised they are investigating. I wanted to see if anyone else in the community has experienced anything similar or has any insights into how these shopifypreview.com links might be getting exposed and crawled?
I suspect Shopify was exposed in some way during the outage and a vulnerability enabled crawlers to map the preview links.
I cannot create shopifypreview.com links; if I create a preview link, it appears as mydomain.com[short-string]. So they must be coming from Shopify’s end (to the best of my knowledge).
Additionally, these crawls are not appearing in my Cloudflare, they are only appearing in my Shopify reports – Landing Page URL. Meaning they are not related to my domain at all (since they are landing on shopifypreview.com).
Has anyone encountered unexpected access to their shopifypreview.com links since the outage earlier in the week? Does anyone have information on how these links are generated and secured by Shopify?
Any advice or shared experiences would be greatly appreciated.
Thank you.
Have not seen this myself, but just to remind -- these links are coming from the "Share preview" button, so you can create them yourself:
Thanks for replying, interesting that it comes up as shopifypreview.com for you. When I generate one to test, my domain appears (e.g. https://mydomain.com.au/?_ab=0&_fd=0&_sc=1). Although all 11 backups were crawled (I have thinned it down to 5) and I haven't touched some of them for over 5 years, and have never generated a preview link before this. Such a weird issue.
Ivan, one of the reasons behind "Share preview" was to hide your actual domain so you can share preview without letting your correspondents know it. So strange yours generates something else.
What you're observing is weird anyway.
That is good to know. So strange that mine is behaving differently. I'm thinking I might download them all as .zip files and remove them for now, but I'll wait until Shopify support responds. I'll update here in case anyone else encounters this, although it's looking more like an isolated issue. Just my luck lol. Thanks again!
Update: I have removed and re-uploaded all of the old theme backups, which did kill a couple of the preview links. However, the live theme and some backups are still being crawled, and there are new preview links being generated which I have no control over. The crawling frequency has increased also.
Shopify is still investigating, they believe this is part of a wider issue which is also affecting theme editing and reports for some users. Not much more I can do for now other than wait. It's not hurting anything other than skewing my reports, which is not a huge deal (although the fbclid links are a concern).
I'll provide another update once I have a resolution. I just wanted to share what is happening in case someone else experiences this.
Just wanted to provide a quick update on the issue regarding the persistent crawling of shopifypreview.com links.
I did download and re-upload all of my theme backups, only to find the new backups are now being crawled. This indicates a present vulnerability in Shopify’s infrastructure.
In addition, I am now seeing this unwanted activity actively hitting my Cloudflare reports. My firewall is blocking these requests, which confirms that the issue is now attempting to reach my domain.
The log shows activity from "GOOGLE-CLOUD-PLATFORM" (ASN 396982) and "FACEBOOK" (ASN 32934). This suggests that these are not just random, unidentified bots, but potentially crawlers or scrapers operating within Shopify’s infrastructure.
My initial Shopify support ticket was closed without a resolution. I have since had to open a new support ticket, which has now been escalated. I have been told that the Theme dev team is looking into this despite the lack of communication and subsequent closing of my initial ticket.
I'm continuing to monitor the situation and hope that Shopify's Theme Department can identify and resolve the root cause of these persistent shopifypreview.com links and the associated unwanted traffic.
In the meantime, I will remove all backups. However, the live theme is also being crawled and there’s not much I can do about it other than wait and hope for a resolution.
I'll keep the thread updated with any further developments.
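For anyone triaging the same pattern, here is an added example (not part of the thread and not Shopify's code) that sorts landing-page URLs into the shapes quoted above: preview-host hits carrying `cb`, preview-host hits carrying `fbclid`, and everything else, and counts how many distinct preview links are being hit. The function names, the `(landing URL, referrer)` row layout and the sample rows are assumptions constructed for the illustration; only the `shopifypreview.com` host pattern and the `cb` / `fbclid` parameters come from the posts.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

PREVIEW_SUFFIX = ".shopifypreview.com"

# Constructed sample rows (landing page URL, referrer); tokens are placeholders.
SAMPLE_ROWS = [
    ("https://aaaa1111-22887413.shopifypreview.com/?cb=x1", ""),
    ("https://aaaa1111-22887413.shopifypreview.com/?cb=x2", ""),
    ("http://bbbb2222-22887413.shopifypreview.com/?fbclid=f1&_aem=a1", "https://l.facebook.com/"),
    ("https://mydomain.com.au/?_ab=0&_fd=0&_sc=1", ""),
    ("https://mydomain.com.au/products/widget", "https://www.google.com/"),
]

def classify(url):
    """Return (kind, preview_token) for one landing-page URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host.endswith(PREVIEW_SUFFIX):
        return "not-preview", None
    # Host label is "<token>-<numeric suffix>", as in the URLs quoted in the thread.
    label = host[: -len(PREVIEW_SUFFIX)]
    token = label.rsplit("-", 1)[0]
    params = parse_qs(parts.query, keep_blank_values=True)
    if "fbclid" in params:
        return "preview-fbclid", token
    if "cb" in params:
        return "preview-cb-param", token
    return "preview-other", token

def summarize(rows):
    """Count hits per kind, per distinct preview token, and preview hits with no referrer."""
    kinds, tokens, no_referrer = Counter(), Counter(), 0
    for url, referrer in rows:
        kind, token = classify(url)
        kinds[kind] += 1
        if token is not None:
            tokens[token] += 1
            if not referrer:
                no_referrer += 1
    return {"kinds": dict(kinds), "tokens": dict(tokens), "preview_no_referrer": no_referrer}

if __name__ == "__main__":
    print(summarize(SAMPLE_ROWS))
```

Comparing the per-token counts before and after removing a theme backup shows which preview links actually stopped receiving hits and which are new.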