It seems like as soon as i deactivated my store (planning to migrate to a new instance), my domain was hijacked, and somehow, somebody else managed to publish a Shopify store under my domain. Worth mentioning that my domain was still linked to Shopify at that time.
The fix was to delete Shopify entries from the DNS, since Shopify support was unable to identify and fix the issue on their side, before affecting my brand (contests like selling coin machines and pictures with semi naked girls is not really our business).
A few weeks later, we’re good to go with the new shop, when trying to assign the domain, surprise. My domain was flagged and needs support for authenticating the domain. Contacted support, provided extra documents to confirm the domain ownership, answers all the questions, etc. Excuses and promises that this will be fixed with priority. Very diligently with the real owner of the domain, less so with the ones hijacking my domain.
2 weeks later, i cannot go live because the ticket is still pending. So basically i have to pay with my business for what seems to be a major security flaw on Shopify’s side.
More over, today, during this review process, managed by Shopify itself, my domain was hijacked AGAIN! Obviously, no action from Shopify Support, just postponing.
What should i do? Having a security issue not being addressed for weeks, and me being unable to go live.
PS: it seems to be a known issue, so how much does Shopify really cares about security? How is it possible to be ok with bot created shops, collecting cards and payments, on Shopify, and not do a thing?
