Data Breach News

Hacker Shares Data From Alleged Shopify Data Breach

The data may possibly stem from the recent Evolve Bank and Trust data breach, a partner of Shopify Balance.

by Alan J July 4, 2024

Share on LinkedInShare on Twitter

A known threat actor on the BreachForums who uses the moniker ‘888’ has shared data allegedly stolen from Shopify in a data breach incident. The data is claimed to consist personal details, email subscriptions and order-related information of its users.

Shopify Inc. is a Canada-based multinational business that offers a proprietary e-commerce platform along with integrations to allow individuals, retailers and other businesses to setup their own online stores or retail point-of-sale websites.

Alleged Shopify Data Breach

The Shopify data breach claims to contain 179,873 rows of user information. These records allegedly include Shopify ID, First Name, Last Name, Email, Mobile, Orders Count, Total spent, Email subscriptions, Email subscription dates, SMS subscription, and SMS subscription dates.

Source: BreachForums

The Cyber Express could not verify the authenticity of these claims but the threat actor has a high-ranking reputation within the BreachForums community that has earned him the title of ‘Kingpin.’ The breach could possibly have stemmed from a recent data breach incident impacting Evolve Bank and Trust.

Evolve Bank and Trust is a supporting partner of Shopify Balance, a money management integration built-in to the admin pages of Shopify stores. The bank is also a third-party issuer of Affirm debit cards.


Recent Evolve Bank and Trust Data Breach

Towards the end of June, the Evolve Bank confirmed that it had been impacted by a cybersecurity incident claimed by LockBit. The bank disclosed that the stolen data included sensitive personal information such as names, social security numbers(SSNs), dates of birth, and account details, among other data.

In an official statement in response to the Evolve data breach, the bank said, “Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization that appears to have illegally obtained and released on the dark web the data and personal information of some Evolve retail bank customers and financial technology partners’ customers (end users).”

Later, the financial firm Affirm Holdings had confirmed that it had also been affected by the Evolve Bank and Trust Data Breach. The firm stated in a security notice on its website, “Affirm is aware of a cybersecurity incident involving Evolve, a third party vendor that serves as an issuing partner on the Affirm Card. We are actively investigating the issue. We will communicate directly with any impacted consumers as we learn more.”


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button