Was there a Shopify data leak?

Steve82
Explorer

I know these are phishing/scam emails, but I have received multiple "Confirm Your Email to Stay Protected from Security Risks on ..." emails to multiple email accounts for multiple stores we have set up or run. Each email account references a different but accurate Shopify store that it is connected to. Some of our email accounts are not the same domain as the site it is referencing (but is correct), which means the data is/has leaked somewhere. Or is there a list that Shopify is providing somewhere?

Fine Art Landscapes - Sawusch Photography - USScenics.com

DaisyVo
Shopify Partner

Hi @Steve82 

I understand your concern about receiving multiple "Confirm Your Email to Stay Protected from Security Risks" emails across various accounts linked to your Shopify stores. It's unsettling when such messages reference accurate store details, especially when sent to email accounts with different domains. Let's delve into this issue.

Potential Data Exposure

In July 2024, a significant data leak affected Shopify users. This breach was traced back to a third-party app integrated with Shopify, compromising customer information such as names, email addresses, and purchase histories. Notably, nearly 180,000 users were impacted by this incident.

Phishing Attempts

Following such breaches, it's common for malicious actors to exploit the exposed data. The emails you're receiving, urging you to "Confirm Your Email to Stay Protected from Security Risks," are likely phishing attempts. These messages often create a false sense of urgency to prompt immediate action, a tactic frequently used by scammers.

Recommended Actions

1. Verify Email Authenticity: Shopify will only send emails from official domains such as @shopify.com, @email.shopify.com, @em.shopify.com, and @shopify-billpay.melio.com. Be cautious of emails from public domains like Gmail, Yahoo, or Hotmail, as they are not from Shopify and should be treated as potential phishing attempts. (help.shopify.com)

2. Do Not Engage: Avoid clicking on any links or downloading attachments from these suspicious emails.

3. Report Suspicious Emails: Forward any phishing messages you receive to Shopify's safety inbox at safety@shopify.com. This helps Shopify monitor and address such threats. (community.shopify.com)

4. Enhance Account Security:

  • Change Passwords: Update your Shopify account password and consider doing the same for associated email accounts.
  • Enable Two-Factor Authentication: This adds an extra layer of security to your accounts.

5. Stay Informed: Regularly monitor official Shopify communications and forums for updates on security matters.

It's understandable to feel uneasy about these emails, especially when they reference accurate store information. By following the steps above, you can enhance your security and mitigate potential risks.

If you need any other assistance, I am willing to help.

Best regards,

Daisy.



Please let us know if our reply is helpful by giving it a Like or marking it as a Solution!

Avada SEO & Image Optimizer - The #1 SEO solution
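Added example (not part of the thread, and not Shopify's own tooling): one way to automate the "Verify Email Authenticity" step from the reply above, checking the real From address against the listed domains and then requiring a DMARC pass, since a From header alone can be forged. The `TRUSTED_AUTHSERV` name and the sample messages are constructed assumptions; the check relies on your receiving mail server adding an `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains listed in the reply above.
OFFICIAL_DOMAINS = {"shopify.com", "email.shopify.com", "em.shopify.com",
                    "shopify-billpay.melio.com"}
# Assumption: the name your own inbound mail server stamps on its results.
TRUSTED_AUTHSERV = "mx.example.net"

def classify(raw: str) -> str:
    """Return 'official', 'unauthenticated' or 'not-shopify'."""
    msg = message_from_string(raw)
    # parseaddr drops the display name, which any sender can set freely.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in OFFICIAL_DOMAINS:
        return "not-shopify"
    # A From header can be forged, so also require a DMARC pass for that
    # exact domain, recorded by the trusted receiving server only.
    want = re.compile(r"header\.from=" + re.escape(domain) + r"(?![\w.-])", re.I)
    for result in msg.get_all("Authentication-Results", []):
        server, _, verdicts = result.partition(";")
        if server.strip().lower() != TRUSTED_AUTHSERV:
            continue  # this header may have been inserted by the sender
        if re.search(r"\bdmarc=pass\b", verdicts, re.I) and want.search(verdicts):
            return "official"
    return "unauthenticated"

# Constructed sample messages (headers only), not real mail.
GENUINE = ("Authentication-Results: mx.example.net; dmarc=pass header.from=email.shopify.com\n"
           "From: Shopify <noreply@email.shopify.com>\nSubject: Your invoice\n\nbody\n")
LOOKALIKE = ("Authentication-Results: mx.example.net; dmarc=pass header.from=shopify-com.example\n"
             'From: "Shopify Support" <notice@shopify-com.example>\n'
             "Subject: Confirm Your Email\n\nbody\n")
FORGED = ("Authentication-Results: mx.example.net; dmarc=fail header.from=shopify.com\n"
          "Authentication-Results: mx.other.example; dmarc=pass header.from=shopify.com\n"
          "From: Shopify <security@shopify.com>\nSubject: Confirm Your Email\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("forged", FORGED)):
        print(name, "->", classify(raw))
```

A message that passes DMARC for its own lookalike domain is still classified `not-shopify`, which is why the domain allowlist and the authentication result are checked together.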
Steve82
Explorer

What was the app that this happened with? Some of the sites only have apps made/run by Shopify and maybe Mailchimp.

The way it is worded, it seems that this leak was more of a customer data leak and not necessarily seller data since it says "compromising customer information such as names, email addresses, and purchase histories". 

Fine Art Landscapes - Sawusch Photography - USScenics.com