Hack message

Shopify Discussion

Topic summary

A store owner reports that customers accessing their Shopify site from mobile phones receive a fake security warning claiming “Your phone has been hacked” and that actions are being tracked, which is deterring purchases.

Key Details:

  • The issue occurs when accessing the site from mobile devices
  • The store owner can reproduce the problem on their own phone
  • No recent app installations or new admin access grants occurred

Troubleshooting Steps Suggested:

  • Test if the message appears on all pages or specific URLs only
  • Check if it occurs in incognito/private browsing mode
  • Verify whether the issue is mobile-specific or also affects desktop
  • Test with a different theme to isolate the source
  • Determine if the warning displays inline on the page or as a popup

Status: The discussion remains open with no resolution yet. The focus is on identifying whether this is a theme issue, malicious code injection, or another technical problem.

Summarized with AI on November 1. AI used: claude-sonnet-4-5-20250929.
1

customers are receiving the following message when trying to access my site from their phone “Your phone has been hacked all your actions on the device are tracked by a hacker immediate action is required”.

What can be done? This is deterring people from buying from the website.

2

Does it happen only when they try to access your site ?

Did you check if it happens with you if you try to access as a client ?

Have you given access to anyone to admin your Shopify before ?

Have you installed any app before this started ?
I think you first need to figure out the culprit before you know what can be done.

3

Yes, it happens when I try to access the site from my mobile phone. No apps have recently been installed and no one was recently given access.

4

I then would check:

  1. If it happens on all pages or just some type(s) of urls. If on certain pages only then inspect the urls for those pages and what’s common amongst them.
  2. If it happens on Incognito browser window.
  3. If it happens only when accessed from mobile phone(s) or from pc as well.
  4. Try test with another theme.
  5. How is the message getting displayed. Is it inline on your page or a popup ?