Whoever was responsible failed to secure data being processed from Shopify stores using their app.

What is Dropshipping?

Understanding a breach and its potential impact takes careful attention and time.

Report: 10,000s of Online Shoppers Exposed by Popular Shopify App. Personal Data, Credit Cards, And Much More

We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness.

Links embedded in the data were directed to Topdser's website.

It would be impossible for another company to obtain access or permissions needed to create these.

Shopify app data leak

Raw data showing various forms of data from 1 purchase order

The company's name was also found throughout the leaking database.

While Shopify acknowledged our disclosure, Topdser failed to respond.

One day after contacting the company, however, the database was taken offline.

If criminal hackers had discovered this database, they could have engaged in numerous phishing campaigns against Shopify customers.

This is just one of the many ways cybercriminals could leverage the exposed data for phishing campaigns.

In fact, they could easily pursue wholesale identity theft with devastating consequences for anyone successfully targeted.

The data leak revealed a massive amount of details about the stores affected as well as their owners.

Dropshipping is built on privacy and targeted marketing, and dropshippers are incredibly secretive about how they operate.

The store owners themselves are also at risk.

They could be targeted in phishing campaigns and fraud, just like their customers.

The impact would be devastating for a business and its owners, potentially bankrupting them.

We believe these were for accounts on Topdser.

To learn about data vulnerabilities in general, read our complete guide to online privacy.

Our researchers use large-scale web scanners to search for unsecured data stores containing information that shouldn't be exposed.

They then examine each data store for any data being leaked.

Our team was able to access this database because it was completely unsecured and unencrypted.

The app was using an Elasticsearch database, which is ordinarily not designed for URL use.

These ethics also mean we carry a responsibility to the public.

Online shoppers must also be aware of a data breach that potentially exposes so much of their sensitive data.

The purpose of this web mapping project is to help make the internet safer for all users.

We never sell, store, or expose any information we encounter during our security research.

Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.

We've also uncovered huge scams targeting users of Facebook and Spotify.

You may also want to read our VPN Leak Report and Data Privacy Stats Report.
