A Shopify store owner discovered their domain was redirecting customers to a random spam website, initially suspecting a hack.
Root Cause Identified:
Solution Steps:
Key Takeaway:
Websites still calling defunct third-party scripts are vulnerable when hackers acquire those abandoned domains and inject malware. Store owners uncomfortable with code editing should contact Shopify’s authenticated support for assistance.
One user reported being completely locked out after hackers changed their domain and two-factor authentication settings, requiring direct support intervention through Shopify’s account recovery form.
Hi Shopify support
I am in urgent need of help, my domain is managed through Shopify and since yesterday, it is taking me and all my customers to a random website (attached screenshot) instead of my online store. I believe my domain has been hacked?
I have tried to reach out to Shopify Support but am unable to get in contact with anyone who can help?
Any help will be greatly appreciated!!
Hi @christylynn
Thank you for that screenshot. It appears this issue was caused by some errant script created by an app that may have been installed on your store. You should have received instructions on how to correct this, but I will include them here as well:
How to fix this issue:
{% comment %}
<script src="https://shinedezign.tk/preorder/js/preorder.js"></script>
{% endcomment %}
If you are not comfortable making these changes yourself please reach out to our authenticated support through our Help Center for additional help from our theme support team.
can anyone help me here I lost my access to my store not able to reach out to support unless I have store
someone hacked my store and changed the domain and two steps verification and my login in
how dose the two steps verfication changed with out my opt used
can anyone help please I really appriecated if you can hellp
Hey @mahahussein11 .
Thanks for reaching out on this thread.
Since we are unable to authenticate you over the Community forums due to the sensitive information that needs to be shared, we are unable to view the specifics. In this case, if you are unable to get in touch with our live support from the Help Center - it would be best to navigate to this URL and complete the form here.
Once you complete the form, you should see the options to speak directly with a Support Advisor about the situation.
Let us know if you have any questions.
Hi there! I am experiencing the same issue. Was it ever solved?
In case this helps anyone in the future… we had the same thing happen to us just now, and Shopify was able to locate the malware code. We had an old currency converter script (pb_currency) that we were calling, which has since gone out of business. Hackers have taken over the domain of the script and put malware there instead - so all of the websites out there that are still calling this old app are now calling malware that redirects your website to random spam sites. Just remove the line {% include ‘pb_currency’ %} from theme.liquid to remove the redirect! And delete the pb_currency.liquid file too - that’s where it calls the malware file.
