FROM CACHE - en_header

Incident Update

Shopify
Community Manager
Community Manager
157 4 152
‎09-22-2020 03:59 PM

Incident Update

Recently, Shopify became aware of an incident involving the data of less than 200 merchants. We immediately launched an investigation to identify the issue--and impact--so we could take action and notify the affected merchants.

Our investigation determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants. We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.

This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected. However, those whose stores were illegitimately accessed may have had customer data exposed. This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased. Complete payment card numbers or other sensitive personal or financial information were not part of this incident.

Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns. We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.

To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

100,044 Views
Report
Replies 33 (33)
lireille
New Member
1 0 1
‎09-22-2020 05:45 PM

Re: Incident Update

What merchants are affected? Will you notify your merchants that are affected? 

95,717 Views
Report
marctrem
New Member
1 0 2
‎09-22-2020 06:42 PM

Re: Incident Update

The first paragraph makes it seem like so.

It's a great time to look at GDPR Art. 33 & 34 and Recital 87:

https://gdpr-info.eu/art-33-gdpr/
https://gdpr-info.eu/art-34-gdpr/
https://gdpr-info.eu/recitals/no-87/

 

94,876 Views
Report
Shopify
Community Manager
Community Manager
157 4 152
‎09-22-2020 06:47 PM

Re: Incident Update

@lireille wrote:

What merchants are affected? Will you notify your merchants that are affected? 

Hi @lireille

All affected merchants have been contacted.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

94,773 Views
Report
ElizabethAragao
Shopify Partner
1 0 0
‎09-23-2020 12:37 PM

Re: Incident Update

I have a client using Shopify and her store was hacked two nights in a row (Monday and Tuesday night). Is this related or was data compromised in some other way? 

86,172 Views
0 Likes
Report
Shopify
Community Manager
Community Manager
157 4 152
‎09-23-2020 01:13 PM

Re: Incident Update

@ElizabethAragao wrote:

I have a client using Shopify and her store was hacked two nights in a row (Monday and Tuesday night). Is this related or was data compromised in some other way? 

Hi @ElizabethAragao

All impacted merchants have been contacted. If your client did not receive an email their store(s) were not impacted by this incident. 

If they have concerns about their store however please have them contact Shopify Support. Thanks.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

85,685 Views
0 Likes
Report
imnotarobotboop
New Member
1 0 0
‎09-23-2020 06:45 PM

Re: Incident Update

Sounds like someone is getting their lookalike audiences and email lists ready for holidays... 😞 

82,296 Views
0 Likes
Report
12munchi
New Member
2 0 1
‎09-23-2020 11:17 PM

Re: Incident Update

how are we going to know how many merchants were involved And how am I going to know that they affect me

77,344 Views
0 Likes
Report
pjp
New Member
2 0 1
‎09-23-2020 11:43 PM

Re: Incident Update

What’s the country of the stores that were affected?

76,773 Views
0 Likes
Report
Shopify
Community Manager
Community Manager
157 4 152
‎09-24-2020 06:54 AM

Re: Incident Update

@12munchi wrote:

how are we going to know how many merchants were involved And how am I going to know that they affect me

Hi @12munchi

Less than 200 merchants were affected, and all affected merchants have been contacted.

 

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

73,500 Views
Report
Nem360
Tourist
4 0 4
‎09-24-2020 07:26 AM

Re: Incident Update

Hello,

I just received and email from Thrive cosmetics about the data breach and it makes sense now I know how my card number was stolen and used to charge up almost $5000 on it a few days ago! People keep an eye on your banking information it happens fast I am thankful to have a good bank who caught it early.

18,581 Views
Report
Shopify
Community Manager
Community Manager
157 4 152
‎09-24-2020 09:03 AM

Re: Incident Update

@Nem360 wrote:

Hello,

I just received and email from Thrive cosmetics about the data breach and it makes sense now I know how my card number was stolen and used to charge up almost $5000 on it a few days ago! People keep an eye on your banking information it happens fast I am thankful to have a good bank who caught it early.

Hi @Nem360

No complete credit information was taken during this incident and therefore fraud and identity theft are unlikely. Thanks

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

18,446 Views
0 Likes
Report
Nem360
Tourist
4 0 4
‎09-24-2020 09:08 AM

Re: Incident Update

Unlikely but never zero. I have been trying to figure out how it could have happened and this has answered it for me. The odds of it being another site vs this is slim unless you know of another site that wad hacked within the last 7days.  But I do like how instead of just saying we are sorry or happy your bank caught it you go straight into denial thanks.

18,436 Views
0 Likes
Report
michelq
Shopify Partner
1 0 1
‎09-24-2020 09:49 AM

Re: Incident Update

Mentioning that affected merchants were contacted is not sufficient.

You need to provide us with the list of Merchants that were subject to this fraud as we need to support our clients in a much more proactive manner. 

18,380 Views
Report
12munchi
New Member
2 0 1
‎09-24-2020 10:03 AM

Re: Incident Update

Yes I would like this list to I’m not sure who I bought with that is supported by the shop to five so I would like a list of merchants that was compromised as well
18,352 Views
Report
Shopify
Community Manager
Community Manager
157 4 152
‎09-24-2020 11:05 AM

Re: Incident Update

Hi @michelq & @12munchi,

All impacted merchants have been contacted, and a listing of affected merchants cannot be provided.

If your client did not receive an email their store(s) were not impacted by this incident.

If they have concerns about their store however please have them contact Shopify Support.

Thanks.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

18,226 Views
0 Likes
Report
Eleda_Towle
Tourist
10 0 6
‎09-24-2020 02:20 PM

Re: Incident Update

I appreciate the immediate notification of affected stores and public announcement here of the issue.  No business these days is completely immune, so it falls back to the old adage, "Customer service isn't about nothing ever going wrong - It's about how you handle it when it does."  I appreciate Shopify's openness and prompt response to this issue. That gives me confidence that future issues will be handled just as well.

(My store wasn't affected, so I'm speaking just as a Shopify customer.)

17,997 Views
0 Likes
Report
Allison-Claire
New Member
1 0 0
‎09-24-2020 03:20 PM

Re: Incident Update

I was not notified.

17,928 Views
0 Likes
Report
Shopify
Community Manager
Community Manager
157 4 152
‎09-24-2020 04:00 PM

Re: Incident Update

@Allison-Claire wrote:

I was not notified.

Hi @Allison-Claire,

All impacted merchants have been contacted. If you did not receive an email your store(s) were not impacted by this incident.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

17,883 Views
0 Likes
Report
jcmediahouse
Tourist
6 0 1
‎09-25-2020 07:28 AM

Re: Incident Update

I'm terribly worried and concerned about this incident

17,513 Views
Report

Community Blog Articles

shopify-presentation-matthew-herchel-pointing-at-board 1920x1080.jpg
Shopify Community AMA: 2H Media Recap

Thanks to all who participated in our AMA with 2H Media on planning your 2023 marketing bu...

By Jacqui Mar 30, 2023
E23_social share_1200x6751.jpg
Shopify Community AMA: Winter Editions ‘23 Recap

Thanks to all Community members that participated in our inaugural 2 week AMA on the new E...

By Jacqui Mar 10, 2023
shopify-academy-foundations-certification-16-9-v1-size.png
Introducing Shopify Certifications

Upskill and stand out with the new Shopify Foundations Certification program

By SarahF_Shopify Mar 6, 2023
Terms of Service Privacy Policy