Massive Shopify Data Breach Exposes 179,873 Users' Personal Information

Shopify is a leading e-commerce platform that allows individuals and businesses to create online stores and sell products. As of 2024, Shopify reported a revenue of $7.4 billion. The platform supports millions of merchants worldwide, offering tools for payment processing, marketing, shipping, and customer engagement.

Breach Details

• Date of Breach: 2024
• Announcement: Posted on BreachForums by a user named "888"
• Data Compromised:
  • Shopify ID
  • First name
  • Last name
  • Email
  • Mobile number
  • Order count
  • Total spent
  • Email subscription status and date
  • SMS subscription status and date
• Total Records: 179,873 rows of user information

Threat Actor Profile

The breach was disclosed by a forum user with the handle "888," who has been a member since August 2023 and holds a reputation score of 1,100. This user has created 37 threads and posted 69 times, indicating active participation in the forum. The user offered the breached data for a one-time sale, accepting payment only in Monero (XMR), a cryptocurrency known for its privacy features.

The breach was disclosed by a forum user with the handle "888." This individual has gained notoriety for a series of high-profile data breaches throughout 2024. Here are some key incidents attributed to 888:

1. UNICEF Breach (April 2024): 888 leaked data from 11 countries, including personal details, contact numbers, and geographical coordinates, potentially jeopardizing the privacy and safety of vulnerable populations served by UNICEF​ (BreachLock)​​ (Cyber Daily)​.
2. Shell Fuel Data Breach: 888 listed data belonging to 80,000 Shell customers across multiple countries, including Australia, the UK, France, and others. This data included personal and transactional information​ (Cyber Daily)​.
3. Heineken Employee Data Leak: Over 8,000 Heineken employees' personal information was leaked, compromising their names, contact details, and other sensitive information​ (Cyber Daily)​.
4. Kintetsu World Express Breach: 888 leaked data from 819 employees of this international freight forwarding and logistics company, including sensitive economic information​ (Cyber Daily)​.

Impact Analysis

• Affected Users: 179,873 Shopify users
• Potential Risks:
  • Identity Theft: Personal information such as names, emails, and mobile numbers can be used for identity theft.
  • Phishing Attacks: The exposed email addresses can be targeted for phishing scams, potentially leading to further data breaches or financial loss.
  • Account Takeovers: Detailed information about user orders and subscriptions could be exploited to hijack user accounts.
  • Spam and Unwanted Communication: Users may receive unsolicited emails and messages due to the exposure of their subscription details.