1. Leaked data from Shopify plugins developed by Saara
3/27/2024 4:07:57 PM
Leaked data from Shopify plugins developed by Saara
Shopify plugins,Ransomeware,Bitcoin,E-commerce,Data breach,MongoDB,Saara
https://news-cdn.moonbeam.co/Leaked-data-from-Shopify-plugins-developed-by-Saara-App-Developer-Magazine_h7u8u80u.jpg
App Developer Magazine
Leaked data from Shopify plugins developed by Saara

Mobile-App-Testing-Leaderboard
Security

Leaked data from Shopify plugins developed by Saara


Wednesday, March 27, 2024

Freeman Lightner Freeman Lightner

The Cybernews research team exposed a data breach from a publicly accessible MongoDB database, tied to the Shopify plugin developers from Saara, the data included over 7M orders and sensitive customer information, plus the data was available for eight months and held for a ransom of .01 Bitcoin.

The Cybernews research team discovered that a vast amount of sensitive data of shoppers was exposed to threat actors by the e-commerce giant’s Shopify plugin developer Saara, with millions of orders being leaked.

Key findings from the Cybernews report, covering the data breach on the Shopify plugins developed by Saara

  • Researchers discovered a publicly accessible MongoDB database belonging to a US-based company, Saara, that is developing Shopify plugins.
  • The leaked database stored 25GB of data.
  • Leaked data was collected by plugins from over 1,800 Shopify stores using the company’s plugins.
  • It held data from more than 7.6 million individual orders, including sensitive customer data.
  • The data stayed up for grabs for eight months and was likely accessed by threat actors.
  • The database contained a ransom note demanding 0.01 in bitcoin (around $640), or the data would be released publicly.
     
Plugins confirmed as affected by the leak

Plugins confirmed as affected by the leak:

  • EcoReturns: for AI-powered returns 
  • WyseMe: to acquire top shoppers

Leaked data included:

  • Customer names 
  • Email addresses 
  • Phone numbers 
  • Addresses 
  • Information about ordered items 
  • Order tracking numbers and links 
  • IP addresses 
  • User agents
  • Partial payment information

Some of the online stores mostly affected by the leak: 

  • Snitch
  • Bliss Club
  • Steve Madden
  • The Tribe Concepts
  • Scoboo.in
  • OneOne Swimwear
Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.

MEMBERS GET ACCESS TO

  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here

, , , , , ,

Featured Stories


Social engineering takeover attacks are on the rise
Social engineering takeover attacks are on the rise Thursday, April 18, 2024


Mobile-App-Testing-SW

Epic Games defeats Google in court
Epic Games defeats Google in court Thursday, April 18, 2024


Veracode acquires Longbow Security
Veracode acquires Longbow Security Thursday, April 18, 2024


TRON HTX DAO Hong Kong Meetup 2024
TRON HTX DAO Hong Kong Meetup 2024 Monday, April 15, 2024


Safer Bitcoin alternative launched from DLC.Link
Safer Bitcoin alternative launched from DLC.Link Monday, April 15, 2024


Apple shifts position on AI and aquires Darwin AI
Apple shifts position on AI and aquires Darwin AI Wednesday, April 10, 2024


AlgoKit blockchain toolset adds native Python support
AlgoKit blockchain toolset adds native Python support Tuesday, April 9, 2024


Stay Updated

Sign up for our newsletter for the headlines delivered to you

SuccessFull SignUp

App Developer Magazine April-2024 for Apple and Android mobile app developers
Mobile-App-Testing-SW

Get More App News