All things Shopify and commerce
I know these are phishing/scam emails, but I have received multiple "Confirm Your Email to Stay Protected from Security Risks on ..." emails to multiple email accounts for multiple stores we have setup or run. Each email account references a different but accurate shopify store that it is connected to. Some of our email accounts are not the same domain as the site it is referencing (but is correct), which means the data is/has leaked somewhere. Or is there a list that shopify is providing somewhere?
Hi @Steve82
I understand your concern about receiving multiple "Confirm Your Email to Stay Protected from Security Risks" emails across various accounts linked to your Shopify stores. It's unsettling when such messages reference accurate store details, especially when sent to email accounts with different domains. Let's delve into this issue.
In July 2024, a significant data leak affected Shopify users. This breach was traced back to a third-party app integrated with Shopify, compromising customer information such as names, email addresses, and purchase histories. Notably, nearly 180,000 users were impacted by this incident.
Following such breaches, it's common for malicious actors to exploit the exposed data. The emails you're receiving, urging you to "Confirm Your Email to Stay Protected from Security Risks," are likely phishing attempts. These messages often create a false sense of urgency to prompt immediate action, a tactic frequently used by scammers.
1-Verify Email Authenticity: Shopify will only send emails from official domains such as @shopify.com, @email.shopify.com, @em.shopify.com, and @shopify-billpay.melio.com. Be cautious of emails from public domains like Gmail, Yahoo, or Hotmail, as they are not from Shopify and should be treated as potential phishing attempts.
help.shopify.com
2-Do Not Engage: Avoid clicking on any links or downloading attachments from these suspicious emails.
3-Report Suspicious Emails: Forward any phishing messages you receive to Shopify's safety inbox at safety@shopify.com. This helps Shopify monitor and address such threats.
community.shopify.com
4-Enhance Account Security:
5-Stay Informed: Regularly monitor official Shopify communications and forums for updates on security matters.
It's understandable to feel uneasy about these emails, especially when they reference accurate store information. By following the steps above, you can enhance your security and mitigate potential risks.
If you need any other assistance, I am willing to help.
Best regards,
Daisy.
What was the app that this happened with? Some of the sites only have apps made/run by shopify and maybe mailchimp.
The way it is worded, it seems that this leak was more of a customer data leak and not necessarily seller data since it says "compromising customer information such as names, email addresses, and purchase histories".
2m ago Learn the essential skills to navigate the Shopify admin with confidence. T...
By Shopify Feb 12, 2025Learn how to expand your operations internationally with Shopify Academy’s learning path...
By Shopify Feb 4, 2025Hey Community, happy February! Looking back to January, we kicked off the year with 8....
By JasonH Feb 3, 2025