Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Data Breach
  • Shopify Discloses Security Incident Involving Some Merchants’ Data
  • Data Breach
  • Vulnerabilities

Shopify Discloses Security Incident Involving Some Merchants’ Data

5 years ago David Bisson
Shopify Discloses Security Incident Involving Some Merchants’ Data

Canadian multinational e-commerce company Shopify disclosed a security incident that involved the information of some of its merchants.

On September 22, Shopify published an incident update on its website. This bulletin explained that “two rogue members” of the company’s support team had attempted to obtain the customer transaction records of fewer than 200 merchants by exploiting a technical vulnerability in its platform.

An investigation into what happened revealed that the incident had not affected most of Shopify’s merchants but had exposed customer data for some of the affected stores.

That data included customers’ contact information including their names, email addresses and physical addresses along with their order details. It did not include payment card details or other sensitive data.

The company responded by terminating the malicious insiders and notifying law enforcement.

As of this writing, Shopify was still investigating this incident with the assistance of the FBI and other international law enforcement bodies.

PJ Norris, senior systems engineer at Tripwire, explains that this incident highlights the need for organizations to defend themselves against internal threats:

Organizations are often so focused on protecting their infrastructure and data from external threats that they forget that, like the classic horror film ploy, the call may be coming from inside the house. Employees have access to their organization’s sensitive assets, which is why it isn’t all that uncommon for disgruntled employees to steal data or even accept bribes from cybercriminal groups whose vaults are replenished regularly by the returns of their malicious campaigns. Hopefully, Shopify will have a monitoring system in place that will aid their security team and the FBI in analyzing which accounts have been compromised and how the incident occurred.

Organizations should protect themselves from insider threats by designing their environment with least privilege in mind so that only the right people have access to sensitive data at the right time. It is impossible to reduce the risk of a rogue employee intentionally causing a security incident, which is why it is best to have all the measures in place to monitor activity on sensitive servers and to record sessions in the unfortunate event that a forensic investigation becomes necessary.

For guidance on how to mitigate the insider threats, please click here.

The post ” Shopify Discloses Security Incident Involving Some Merchants’ Data” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Encryption, Hacker, TripWire

Continue Reading

Previous A New Hacking Group Hitting Russian Companies With Ransomware
Next OldGremlin Ransomware Group Bedevils Russian Orgs

More Stories

  • Cyber Attacks
  • Data Breach

Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos

1 hour ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats

5 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach

Securing the Mid-Market Across the Complete Threat Lifecycle

6 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

8 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

11 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm

12 hours ago [email protected] (The Hacker News)

Recent Posts

  • Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
  • ⚡ Weekly Recap: Proxy Botnet, Office Zero-Day, MongoDB Ransoms, AI Hijacks & New Threats
  • Securing the Mid-Market Across the Complete Threat Lifecycle
  • Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
  • eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT