Popular Shopify App Exposes Private Data Of Thousands Of Shoppers

The app in question is a Shopify dropshipping app called Topdser, which is also the official partner dropshipping app of AliExpress.

A mainstream Shopify app was leaking sensitive data and as a result, thousands of customers were affected. The app exposed private data of Shopify customers, including credit card data and personal details.

The Origins of the Leak Unclear

VPNMentor researchers who identified the data aren’t 100% sure about the actual originating point of the data leak. However, as per the evidence they have found, Shopify dropshipping app Topdser caused the leak.

Topdser is quite similar to the Oberlo app that connects Shopify websites with AliExpress and automates other business processes.

“In this case, we couldn’t conclude with 100% certainty that Topdser was responsible for the data leak, although there’s considerable evidence to suggest it was,” said vpnMentor’s blog post shared with Hackread.com.

The links embedded in the data pointed to the Topdser website, as no other company can gain the access or permissions required to create them.

Thousands of Shoppers Impacted

Researchers state that over 100,000 purchase data was compromised from more than 17,000 Shopify stores. Additionally, researchers revealed that the exposed data was around 13GB at the time of discovery, but on Shodan, the total size of data was 95+ GB.

Similarly, at the time of discovery, the researchers noted that the number of leaked records was 17.5 million; however, Shodan revealed that 23 million records were compromised in total. This means the data leak could have impacted roughly 80,000 to 100,000 customers.

A screenshot shared by vpnMentor shows that the leaked data includes order details, credit card data, and PII.

Shopify has been Notified

The vpnMentor team discovered the data leak on 21st Nov 2020 and immediately notified Shopify since the exposed data belonged to Shopify. However, it is worth noting that the company is not responsible for the leak.

The research team also contacted Topdser on the same day to close the vulnerability and secure the exposed data. The database was taken offline on 24th Nov 2020, but none of the companies responded or released an official statement.

This is a serious issue since the exposed data can be used to steal from or defraud thousands of Shopify shoppers worldwide.
