It has been reported today that a leading Shopify app has suffered a data leak, which has compromised thousands of customers' personal and financial details.
The leak, which was first discovered by the research team at VPNMentor, has been analysed in a thorough report put together by the team.
Whilst they cannot be 100% confident about where the leak originated, they claim that the evidence they found strongly suggests that it originated from the Shopify app Topdser.
Topdser is a dropshipping app, similar to Oberlo, which allows Shopify websites to connect with AliExpress and also automates numerous other business processes.
VPNMentor has estimated that data on 100,000+ purchases from over 17,000 Shopify stores has been compromised. Unfortunately, the leak comprises financial data, which means personally identifiable information as well as payment information has been leaked.
“In this case, we couldn’t conclude with 100% certainty that Topdser was responsible for the data leak, although there’s considerable evidence to suggest it was.
Links embedded in the data were directed to Topdser’s website. It would be impossible for another company to obtain access or permissions needed to create these. The company’s name was also found throughout the leaking database.
We notified Shopify immediately after examining the data leak, as the exposed data originated from stores running on its platform, although the company is not liable for the leak. We also contacted Topdser in case it was responsible for the leak so it could close the vulnerability and secure the data.
While Shopify acknowledged our disclosure, Topdser failed to respond.
One day after contacting the company, however, the database was taken offline.” – VPNMentor
To see the full report, and the actions you should take if you believe your business may have been affected by this leak, check out the VPNMentor site.