Is this email threat about my website being hacked legitimate?

Topic summary

A Shopify store owner received an email claiming their website was hacked and database extracted, demanding $3000 in Bitcoin (0.15 BTC) within 3 days to prevent data leaks and search engine de-indexing.

Key characteristics of the email:

  • Uses deliberate character substitutions (0 for o, etc.)
  • Contains reversed/scrambled text sections
  • Threatens reputation damage, customer notification, and SEO penalties
  • Provides a Bitcoin wallet address for payment
  • Warns against replying or attempting negotiation

Context:
The store is hosted on Shopify’s platform, which manages security infrastructure. Multiple users report receiving identical or nearly identical emails with different Bitcoin addresses, suggesting a mass phishing/extortion campaign.

Status: The discussion remains open with users seeking confirmation on whether this is a legitimate threat or a scam, and whether any action is required.

Summarized with AI on November 25. AI used: claude-sonnet-4-5-20250929.
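As an added illustration (not part of the original thread or any poster's message), here is a small Python triage heuristic for the traits listed in the summary: it undoes the 0-for-o substitution, then checks for a Bitcoin address, a payment deadline, and extortion phrases that only match after normalization. The phrase list, thresholds, and function names are assumptions; the first sample is excerpted from the email quoted in this thread and the benign message is constructed.

```python
import re

WORD = re.compile(r"\b[A-Za-z0]+\b")  # tokens made only of letters and zeros
# Legacy Base58 address shape only; the checksum is not verified here.
BTC_LEGACY = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
DEADLINE = re.compile(r"within\s+\d+\s+days", re.IGNORECASE)
# Assumed phrase list, taken from wording in the quoted email.
PHRASES = ("extracted your databases", "for a small fee",
           "not a hoax", "reason or negotiate")

# Excerpts from the email quoted in this thread.
EXTORTION = (
    "We have hacked your website and extracted y0ur databases. "
    "We are willing to refrain from destroying y0ur site's reputation f0r a small fee. "
    "The current fee is $3000 in bitcoins (0.15 BTC). "
    "Please send the bitcoin to the following Bitcoin address: "
    "38DZMraSq2MeGJ4Lj5RBrLuGYT4bshxkA6 "
    "Please n0te that you have to make payment within 3 days after opening this e-mail. "
    "This is n0t a h0ax, do not reply t0 this email, don't try to reas0n 0r neg0tiate."
)
# Constructed benign message for contrast.
BENIGN = "Your order #3000 shipped. Reply to this email within 3 days if anything is missing."

def is_leet(word):
    """A word that mixes letters with the digit 0, e.g. 'y0ur' or '0r'."""
    return "0" in word and any(c.isalpha() for c in word)

def leet_tokens(text):
    return [w for w in WORD.findall(text) if is_leet(w)]

def normalize(text):
    """Replace 0 with o inside mixed words only, so '$3000' and '0.15' stay intact."""
    fix = lambda m: m.group().replace("0", "o") if is_leet(m.group()) else m.group()
    return WORD.sub(fix, text)

def phrase_hits(text):
    low = text.lower()
    return [p for p in PHRASES if p in low]

def analyze(text):
    clean = normalize(text)
    raw_hits, clean_hits = phrase_hits(text), phrase_hits(clean)
    indicators = {
        "zero_for_o_obfuscation": len(leet_tokens(text)) >= 3,  # assumed threshold
        "bitcoin_address": bool(BTC_LEGACY.search(text)),
        "payment_deadline": bool(DEADLINE.search(clean)),
        "phrases_hidden_by_obfuscation": len(clean_hits) > len(raw_hits),
    }
    return {"indicators": indicators, "score": sum(indicators.values()),
            "raw_hits": raw_hits, "clean_hits": clean_hits}
```

On the excerpt, a plain keyword match finds none of the phrases, while the normalized text matches all four, which is why a filter has to undo the substitution before matching.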

Hi, we have received an e-mail yesterday stating that our webpage was hacked. I don’t know if this is a spam or not, however because we are hosted in Shopify platform, can somebody advise us if this is a real threat or just a hoax?

Sent by zoch@iwt-bremen.de, this is the email:

Your Website Has Been Compromised

Your Site Has Been Hacked

PLEASE FoRWARD THIS EMAIL To SoME0NE IN Y0UR C0MPANY WHo iS ALLoWED To MAKE IMPORTANT DECISI0NS!

We have hacked your website https://www.dyvolab.com and extracted y0ur databases.

How did this happen?

our team has f0und a vulnerability within y0ur site that we were able to exploit. After finding the vulnerability we were able t0 get y0ur database credentials and extract y0ur entire database and m0ve the inf0rmation to an 0ffshore server.

What does this mean?

We will systematically go thr0ugh a series of steps 0f t0tally damaging y0ur reputati0n. First your database will be leaked or s0ld to the highest bidder which they will use with whatever their intenti0ns are. Next if there are e-mails f0und they will be e-mailed that their information has been sold 0r leaked and your site https://www.dyvolab.com was at fault thusly damaging your reputation and having angry cust0mers/ass0ciates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past t0 de-index our targets.

How d0 i stop this?

We are willing to refrain from destroying y0ur site’s reputation f0r a small fee. The current fee is $3000 in bitcoins (0.15 BTC).

Please send the bitcoin to the following Bitcoin address (C0py and paste as it is case sensitive):

38DZMraSq2MeGJ4Lj5RBrLuGYT4bshxkA6

once y0u have paid we will aut0matically get informed that it was your payment. Please n0te that you have to make payment within 3 days after opening this e-mail 0r the database leak, e-mails dispatched, and de-index 0f y0ur site WiLL start!

H0w do i get Bitcoins?

Y0u can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM.

What if i d0n’t pay?

if y0u decide n0t t0 pay, we will start the attack at the indicated date and uphold it until y0u d0, there’s no c0unter measure t0 this, you will only end up wasting more money trying t0 find a s0luti0n. We will c0mpletely destr0y y0ur reputation amongst g00gle and y0ur cust0mers.

This is n0t a h0ax, do not reply t0 this email, don’t try to reas0n 0r neg0tiate, we will not read any replies. once you have paid we will st0p what we were d0ing and you will never hear fr0m us again!

Please n0te that Bitcoin is anonymous and no 0ne will find 0ut that y0u have complied. Finally d0n’t reply as this email is unmonit0red.

We got this email; I edited out the website address. Please advise us if action is required.

Your Databases Has Been Hacked

Your Site Has Been Hacked

PLEASE F0RWARD THIS EMAIL To SoME0NE IN Y0UR CoMPANY WH0 iS ALLoWED To MAKE IMPORTANT DECISI0NS!

We have hacked y0ur website and extracted y0ur databases.

H0w did this happen?

0ur team has found a vulnerability within your site that we were able t0 expl0it. After finding the vulnerability we were able to get your database credentials and extract your entire database and m0ve the inf0rmation to an 0ffsh0re server.

What d0es this mean?

We will systematically g0 thr0ugh a series of steps 0f totally damaging y0ur reputation. First your database will be leaked or s0ld to the highest bidder which they will use with whatever their intenti0ns are. Next if there are e-mails found they will be e-mailed that their inf0rmation has been s0ld 0r leaked and y0ur site was at fault thusly damaging y0ur reputation and having angry customers/ass0ciates with whatever angry customers/associates d0. Lastly any links that y0u have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How d0 i st0p this?

We are willing t0 refrain from destroying your site’s reputation for a small fee. The current fee is $3000 in bitcoins (0.15 BTC).

Please send the bitcoin t0 the f0ll0wing Bitcoin address (C0py and paste as it is case sensitive):

3DKhduZ9wVsak7P3M4iYB4DCojv55uwhoo

once you have paid we will automatically get informed that it was your payment. Please n0te that y0u have to make payment within 3 days after 0pening this e-mail or the database leak, e-mails dispatched, and de-index of y0ur site WiLL start!

H0w d0 i get Bitcoins?

You can easily buy bitcoins via several websites 0r even 0ffline fr0m a Bitcoin-ATM.

What if i d0n’t pay?

if y0u decide n0t to pay, we will start the attack at the indicated date and uph0ld it until y0u do, there’s no c0unter measure t0 this, y0u will only end up wasting m0re money trying to find a s0luti0n. We will completely destroy your reputation am0ngst go0gle and y0ur cust0mers.

This is n0t a hoax, do n0t reply t0 this email, d0n’t try t0 reason 0r negotiate, we will n0t read any replies. 0nce you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no 0ne will find 0ut that y0u have c0mplied. Finally don’t reply as this email is unm0nit0red.