Approached by ethical hacker on vulnerability on Shopify site

Shopify Discussion

Topic summary

A Shopify store owner was contacted by someone claiming to be an “ethical hacker” from Tech Xpert Private Ltd, who alleged they discovered a vulnerability on the site. The individual demanded $100 USD in exchange for providing detailed security reports.

Key Details:

  • The supposed vulnerability was identified as Cross-Site Request Forgery (CSRF)
  • The hacker claimed to have created an account and spent time browsing the site
  • They provided some code demonstrating how the exploit would unfold

Store Owner’s Response:
The owner recognized this as a scam attempt and is venting frustration about these tactics. They’re warning others in the community about people trying to exploit store owners through fake security threats.

Summarized with AI on November 11. AI used: claude-sonnet-4-5-20250929.
1

Hi,

This is not a question, merely a vent on being approached by (https://www.linkedin.com/in/areeb-jamal-480289199/) listed as an ethical hacker and an employee of the company Tech Xpert Private Ltd https://www.linkedin.com/company/tech-xpert-private-ltd/ He stated that he found a vulnerability on my Shopify site and for a pricely sum of USD 100, he would supply me with reports. I replied that this was a scam. He then replied that the vulnerability was Cross-Site Request Forgery (CSRF) and gave me some code on how this event would unfold. Actually created an account on my site and spent quite some time “browsing” around. Sick of these people trying to scam others tbh.

Rant over…