FROM CACHE - en_header

Incident Update

Shopify
Community Manager
Community Manager
125 0 98

Recently, Shopify became aware of an incident involving the data of less than 200 merchants. We immediately launched an investigation to identify the issue--and impact--so we could take action and notify the affected merchants.

Our investigation determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants. We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement. We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.

This incident was not the result of a technical vulnerability in our platform, and the vast majority of merchants using Shopify are not affected. However, those whose stores were illegitimately accessed may have had customer data exposed. This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased. Complete payment card numbers or other sensitive personal or financial information were not part of this incident.

Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns. We don’t take these events lightly at Shopify. We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.

To put it simply, we are committed to protecting our platform, our merchants, and their customers. We will continue to work hard to earn your trust every day.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

Replies 33 (33)
lireille
New Member
1 0 1

What merchants are affected? Will you notify your merchants that are affected? 

marctrem
New Member
1 0 2

The first paragraph makes it seem like so.

It's a great time to look at GDPR Art. 33 & 34 and Recital 87:

https://gdpr-info.eu/art-33-gdpr/
https://gdpr-info.eu/art-34-gdpr/
https://gdpr-info.eu/recitals/no-87/

 

Shopify
Community Manager
Community Manager
125 0 98

@lireille wrote:

What merchants are affected? Will you notify your merchants that are affected? 


Hi @lireille

All affected merchants have been contacted.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

ElizabethAragao
Shopify Partner
1 0 0

I have a client using Shopify and her store was hacked two nights in a row (Monday and Tuesday night). Is this related or was data compromised in some other way? 

Shopify
Community Manager
Community Manager
125 0 98

@ElizabethAragao wrote:

I have a client using Shopify and her store was hacked two nights in a row (Monday and Tuesday night). Is this related or was data compromised in some other way? 


Hi @ElizabethAragao

All impacted merchants have been contacted. If your client did not receive an email their store(s) were not impacted by this incident. 

If they have concerns about their store however please have them contact Shopify Support. Thanks.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

imnotarobotboop
New Member
1 0 0

Sounds like someone is getting their lookalike audiences and email lists ready for holidays... 😞 

12munchi
New Member
2 0 1

how are we going to know how many merchants were involved And how am I going to know that they affect me

pjp
New Member
2 0 1

What’s the country of the stores that were affected?

Shopify
Community Manager
Community Manager
125 0 98

@12munchi wrote:

how are we going to know how many merchants were involved And how am I going to know that they affect me


Hi @12munchi

Less than 200 merchants were affected, and all affected merchants have been contacted.

 

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

Nem360
Tourist
4 0 4

Hello,

I just received and email from Thrive cosmetics about the data breach and it makes sense now I know how my card number was stolen and used to charge up almost $5000 on it a few days ago! People keep an eye on your banking information it happens fast I am thankful to have a good bank who caught it early.

Shopify
Community Manager
Community Manager
125 0 98

@Nem360 wrote:

Hello,

I just received and email from Thrive cosmetics about the data breach and it makes sense now I know how my card number was stolen and used to charge up almost $5000 on it a few days ago! People keep an eye on your banking information it happens fast I am thankful to have a good bank who caught it early.


Hi @Nem360

No complete credit information was taken during this incident and therefore fraud and identity theft are unlikely. Thanks

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

Nem360
Tourist
4 0 4

Unlikely but never zero. I have been trying to figure out how it could have happened and this has answered it for me. The odds of it being another site vs this is slim unless you know of another site that wad hacked within the last 7days.  But I do like how instead of just saying we are sorry or happy your bank caught it you go straight into denial thanks.

michelq
Shopify Partner
1 0 1

Mentioning that affected merchants were contacted is not sufficient.

You need to provide us with the list of Merchants that were subject to this fraud as we need to support our clients in a much more proactive manner. 

12munchi
New Member
2 0 1
Yes I would like this list to I’m not sure who I bought with that is supported by the shop to five so I would like a list of merchants that was compromised as well
Shopify
Community Manager
Community Manager
125 0 98

Hi @michelq & @12munchi,

All impacted merchants have been contacted, and a listing of affected merchants cannot be provided.

If your client did not receive an email their store(s) were not impacted by this incident.

If they have concerns about their store however please have them contact Shopify Support.

Thanks.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

Eleda_Towle
Tourist
10 0 6

I appreciate the immediate notification of affected stores and public announcement here of the issue.  No business these days is completely immune, so it falls back to the old adage, "Customer service isn't about nothing ever going wrong - It's about how you handle it when it does."  I appreciate Shopify's openness and prompt response to this issue. That gives me confidence that future issues will be handled just as well.

(My store wasn't affected, so I'm speaking just as a Shopify customer.)

Allison-Claire
New Member
1 0 0

I was not notified.

Shopify
Community Manager
Community Manager
125 0 98

@Allison-Claire wrote:

I was not notified.


Hi @Allison-Claire,

All impacted merchants have been contacted. If you did not receive an email your store(s) were not impacted by this incident.

Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 

- To learn more visit the Shopify Help Center or the Shopify Blog

jcmediahouse
Tourist
6 0 1

I'm terribly worried and concerned about this incident