Canadian eCommerce Giant Shopify Rogue Employee Stealing Customers Information


Level 69
Content Creator
Malware Hunter
Aug 17, 2014
Canadian e-commerce merchant Shopify has reported that it detected an ongoing insider threat case.

In a statement, Shopify said it had become aware of an incident involving the data of fewer than 200 merchants, and its investigation “determined that two rogue members of our support team were engaged in a scheme to obtain customer transactional records of certain merchants.”

Upon discovery, Shopify immediately terminated the individuals’ access to the Shopify network and referred the incident to law enforcement. “We are currently working with the FBI and other international agencies in their investigation of these criminal acts,” it said. “While we do not have evidence of the data being utilized, we are in the early stages of the investigation and will be updating affected merchants as relevant.”

Shopify said the incident was not caused by a technical vulnerability in the platform, and some stores may have had customer data exposed. “This data includes basic contact information, such as email, name, and address, as well as order details, like products and services purchased. Complete payment card numbers or other sensitive personal or financial information were not part of this incident.”
Shopify said it does not take these events lightly, and “we have zero tolerance for platform abuse and will take action to preserve the confidence of our community and the integrity of our product.”


New Member
May 12, 2020
Well, it appears some support staff members of Canadian eCommerce giant Shopify went rogue, stealing customers' information from over 200 Shopify stores.

The company has terminated these people's access to the network and says they're working with the FBI and international agencies to investigate the criminal acts. It also states that there is so far no evidence that the data has been used, but it's still early in the investigation.

The employee was allegedly targeting information such as name and email address, as well as potential things like order details, services and products that were purchased, but it does not appear, at least at this point, that any financial data like credit card numbers was involved. Shopify, of course, has benefited from a surge in online sales resulting from the pandemic, and it seems unlikely that this will shake customer loyalty because the breach wasn't a result of a technical vulnerability but of rogue employees, and so far shares on the stock market really aren't taking a hit at this point.

Again, 200 merchants here; Shopify does have more than a million customers and didn't say which of those merchants may have been compromised, but the company has a big list of partners, including Amazon.