E-commerce giant Shopify has denied claims of a data breach after a threat actor, known as '888', began selling alleged customer information purportedly stolen from the platform's network. "Shopify systems have not suffered a security breach," a Shopify spokesperson told BleepingComputer, clarifying that the reported data loss came from a third-party application. The app developer plans to notify affected customers. The denial follows an incident earlier this week where '888' began selling data supposedly taken from Shopify in 2024. Shared samples included a person's Shopify ID, name, email, mobile number, order count, total expenditure, email subscription details, and SMS subscription information. ? Shopify did not provide additional details about the specific app involved in the data compromise. The threat actor '888' has a history of selling or leaking data allegedly linked to several notable organizations, including Credit Suisse, Shell, Heineken, Accenture India, and Unicef. In 2020, Shopify revealed that two rogue employees accessed customer transaction records of about 200 merchants. This recent incident highlights ongoing challenges in securing customer data, particularly when third-party applications are involved. Shopify's recent experience underscores the importance of rigorous security measures and vigilant monitoring of third-party applications to protect customer data effectively. This situation serves as a reminder of the critical need for robust security protocols and constant vigilance in the ever-evolving landscape of cybersecurity threats.
A newly observed phishing campaign is abusing trusted file formats and lightweight scripting environments to deliver commodity malware while evading traditional security tools. Att...
Cybersecurity researchers discovered a sophisticated cyber espionage campaign utilizing a newly documented malware variant named GoSerpent. Operating covertly since late 2025, the ...
Ernst & Young (EY) has disclosed a data breach caused by the compromise of a third-party IT support ticket system used by its personnel. The unauthorized access occurred between Ma...