Two Shopify employees have breached the personal data of merchants and customers

The Canadian ecommerce platform was the victim of a data breach perpetrated by two unfaithful workers, immediately reported

(image: Ercin Top / Anadolu Agency) The Canadian ecommerce platform Shopify reported a data breach to the detriment customers and just under 200 merchants. The actors of the breach would be two members of the support team who, even if unauthorized, would have managed to breach the portal to obtain the customer transaction records of certain merchants. “We immediately stopped these people from accessing our Shopify network and reported the incident to law enforcement,” informs the staff on the company's blog.

The two employees would be able to obtain the data via Shopify's Order API, which allows merchants to process requests from their customers. The portal began collaborating with the FBI and other international agencies in investigating the violation, which led to the reporting and firing of the two suspects.

“This incident was not the result of a vulnerability technique in our platform and the vast majority of merchants using Shopify have not been affected. However, those who have experienced illegitimate access could find themselves with customer data exposed, ”explains Shopify.

The breach would have allowed the two employees to steal customer data, including names, postal addresses and order details, by drawing on the records of transactions with merchants. Fortunately, the portal explains, financial data, such as full credit card numbers or other sensitive personal information, was not involved. Although Shopify did not specify how many customers were involved in the breach, the 200 merchants affected by the breach received a copy of the record of breached transactions.