Shopify users hacked through a middle app

Learn more details in this article.

On September 3, 2022 a threat actor has shared a database more or less consisting of Shopify users.

Shopify is the most popular e-commerce platform for online stores and retail point-of-sale systems. Many business owners and individuals use this engine to set up an online shop, as it is known to be relatively easy to use. Shopify also provides numerous advantages for shop owners, as visibility, payment simplicity, good practices and more.

However, as the platform got more and more popular, the amount of online shops on the internet grew exponentially. Now, to get consumer’s attention, sellers had to find new ways of promotion or learn new ways of getting visibility. At this point, ShopifyRepublic, a website and an app, has been created to come to rescue and educate online shop owners on how to succeed.

Photo by Roberto Cortese

What happened?

On September 3, many Shopify users’ preferred app ShopifyRepublic has been hacked. It has resulted in a data leak, consisting of user data, being shared on underground hacking forums. Substantial sized ShopifyRepublic database has exposed the following personal information:

Shopify store name, shop owner’s email, first and last name, IP address, username, password in cleartext (!), physical address and, for some, full credit card numbers, as well as other information

The Kaduu team has analysed the leaked database and estimated the number of users affected by this breach to nearly 200k.

Stay up to date with exposed information online. Kaduu with its cyber threat intelligence service offers an affordable insight into the darknet, social media and deep web. 

Comments are closed.