Massive Shopify Data Breach Exposes 179,873 Users' Personal Information

Shopify Data Breach Alert! 179,873 users' personal information exposed. Change your passwords and enable 2FA now! #DataBreach #Shopify

Massive Shopify Data Breach Exposes 179,873 Users' Personal Information
Shopify Data Breach

Shopify is a leading e-commerce platform that allows individuals and businesses to create online stores and sell products. As of 2024, Shopify reported a revenue of $7.4 billion. The platform supports millions of merchants worldwide, offering tools for payment processing, marketing, shipping, and customer engagement.

Breach Details

  • Date of Breach: 2024
  • Announcement: Posted on BreachForums by a user named "888"
  • Data Compromised:
    • Shopify ID
    • First name
    • Last name
    • Email
    • Mobile number
    • Order count
    • Total spent
    • Email subscription status and date
    • SMS subscription status and date
  • Total Records: 179,873 rows of user information

Threat Actor Profile

The breach was disclosed by a forum user with the handle "888," who has been a member since August 2023 and holds a reputation score of 1,100. This user has created 37 threads and posted 69 times, indicating active participation in the forum. The user offered the breached data for a one-time sale, accepting payment only in Monero (XMR), a cryptocurrency known for its privacy features.

The breach was disclosed by a forum user with the handle "888." This individual has gained notoriety for a series of high-profile data breaches throughout 2024. Here are some key incidents attributed to 888:

  1. UNICEF Breach (April 2024): 888 leaked data from 11 countries, including personal details, contact numbers, and geographical coordinates, potentially jeopardizing the privacy and safety of vulnerable populations served by UNICEF​ (BreachLock)​​ (Cyber Daily)​.
  2. Shell Fuel Data Breach: 888 listed data belonging to 80,000 Shell customers across multiple countries, including Australia, the UK, France, and others. This data included personal and transactional information​ (Cyber Daily)​.
  3. Heineken Employee Data Leak: Over 8,000 Heineken employees' personal information was leaked, compromising their names, contact details, and other sensitive information​ (Cyber Daily)​.
  4. Kintetsu World Express Breach: 888 leaked data from 819 employees of this international freight forwarding and logistics company, including sensitive economic information​ (Cyber Daily)​.

Impact Analysis

  • Affected Users: 179,873 Shopify users
  • Potential Risks:
    • Identity Theft: Personal information such as names, emails, and mobile numbers can be used for identity theft.
    • Phishing Attacks: The exposed email addresses can be targeted for phishing scams, potentially leading to further data breaches or financial loss.
    • Account Takeovers: Detailed information about user orders and subscriptions could be exploited to hijack user accounts.
    • Spam and Unwanted Communication: Users may receive unsolicited emails and messages due to the exposure of their subscription details.