close
close

Hacker Releases Data From Alleged Shopify Data Breach

Posted on by darion

A known threat actor on BreachForums who goes by the pseudonym “888” has shared data allegedly stolen from Shopify in a data breach incident. The data is claimed to consist of personally identifiable information, email subscriptions, and information related to user orders.

Shopify Inc. is a Canadian-based multinational company that offers its own e-commerce platform with integrations that enable individuals, retailers, and other businesses to set up their own online stores or retail point-of-sale websites.

Shopify’s Alleged Data Breach

The Shopify data breach claims to contain 179,873 lines of user information. These records allegedly include Shopify ID, first name, last name, email address, mobile phone number, number of orders, total spend, email subscriptions, email subscription dates, SMS subscription, and SMS subscription dates.

Shopify Evolve Bank and Trust Data Breach 31Shopify Evolve Bank and Trust Data Breach 31
Source: BreachForums

Cyber ​​​​Express was unable to verify the authenticity of these claims, but the perpetrator of the threat has a high reputation in the BreachForums community, earning him the title of “Kingpin”. The data leak may have been a result of the recent data breach at Evolve Bank and Trust.

Evolve Bank and Trust is a supporting partner for Shopify Balance, a money management integration built into the admin pages of Shopify stores. The bank is also a third-party issuer of Affirm debit cards.

Shopify Evolve Bank and Trust Data BreachShopify Evolve Bank and Trust Data Breach
Source: X.com (@lvdeeaz)

Recent Evolve Bank and Trust Data Breach

In late June, Evolve Bank confirmed it had been affected by a cybersecurity incident reported by LockBit. The bank said the stolen data included sensitive personal information such as names, Social Security numbers (SSNs), dates of birth and account details, among other data.

In an official statement in response to the Evolve data breach, the bank said: “Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization that appears to have illegally obtained and shared personal data and information of certain Evolve Retail Bank customers and customers of financial technology partners (end users) on the dark web.”

Financial firm Affirm Holdings later confirmed that it, too, had been affected by the Evolve Bank and Trust data breach. The company said in a security announcement on its website: “Affirm is aware of a cybersecurity incident involving Evolve, a third-party vendor that serves as an Affirm card issuing partner. We are actively investigating this issue. We will communicate directly with any affected consumers as we learn more.”

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for informational purposes only and users assume full responsibility for any reliance placed on it. Cyber ​​​​Express assumes no responsibility for the accuracy or consequences of using this information.