
Rogue employees at Shopify accessed customer info without authorization


E-commerce platform provider Shopify revealed that two members of its support staff accessed customer information without authorization.

E-commerce platform provider Shopify on Tuesday confirmed that two employees of its support staff were accessing customer information without authorization.

“Recently, Shopify became aware of an incident involving the data of less than 200 merchants. We immediately launched an investigation to identify the issue–and impact–so we could take action and notify the affected merchants,” reads the Shopify announcement.

“Our investigation determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants. We immediately terminated these individuals’ access to our Shopify network and referred the incident to law enforcement.”

The duo abused their permissions to access transaction data belonging to a number of merchants, estimated at fewer than 200.

The company already notified all the impacted merchants and fired the two employees.

Data accessed by the two rogue employees without authorization included name, email address, physical address, and order details (e.g. products and services purchased). The company confirmed that financial information was not impacted.

Law enforcement is currently investigating the incident.

“We are currently working with the FBI and other international agencies in their investigation of these criminal acts. While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant,” continues the company.

The company is not aware of any illegal use of the accessed data. It also pointed out that the incident was not the result of a security vulnerability in its platform.

“Our teams have been in close communication with affected merchants to help them navigate this issue and address any of their concerns. We don’t take these events lightly at Shopify,” the company concludes. “We have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.”

This incident confirms that insider threats are hard to detect and that the effects of their operations can be serious for the organization.


Pierluigi Paganini

(SecurityAffairs – hacking, Shopify)
