1. https://appdevelopermagazine.com/security
  2. https://appdevelopermagazine.com/leaked-data-from-shopify-plugins-developed-by-saara/
3/27/2024 4:07:57 PM
Leaked data from Shopify plugins developed by Saara
Shopify plugins,Ransomeware,Bitcoin,E-commerce,Data breach,MongoDB,Saara
App Developer Magazine
Leaked data from Shopify plugins developed by Saara


Leaked data from Shopify plugins developed by Saara

Wednesday, March 27, 2024

Freeman Lightner Freeman Lightner

The Cybernews research team exposed a data breach from a publicly accessible MongoDB database, tied to the Shopify plugin developers from Saara, the data included over 7M orders and sensitive customer information, plus the data was available for eight months and held for a ransom of .01 Bitcoin.

The Cybernews research team discovered that a vast amount of sensitive data of shoppers was exposed to threat actors by the e-commerce giant’s Shopify plugin developer Saara, with millions of orders being leaked.

Key findings from the Cybernews report, covering the data breach on the Shopify plugins developed by Saara

  • Researchers discovered a publicly accessible MongoDB database belonging to a US-based company, Saara, that is developing Shopify plugins.
  • The leaked database stored 25GB of data.
  • Leaked data was collected by plugins from over 1,800 Shopify stores using the company’s plugins.
  • It held data from more than 7.6 million individual orders, including sensitive customer data.
  • The data stayed up for grabs for eight months and was likely accessed by threat actors.
  • The database contained a ransom note demanding 0.01 in bitcoin (around $640), or the data would be released publicly.
Plugins confirmed as affected by the leak

Plugins confirmed as affected by the leak:

  • EcoReturns: for AI-powered returns 
  • WyseMe: to acquire top shoppers

Leaked data included:

  • Customer names 
  • Email addresses 
  • Phone numbers 
  • Addresses 
  • Information about ordered items 
  • Order tracking numbers and links 
  • IP addresses 
  • User agents
  • Partial payment information

Some of the online stores mostly affected by the leak: 

  • Snitch
  • Bliss Club
  • Steve Madden
  • The Tribe Concepts
  • Scoboo.in
  • OneOne Swimwear

Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.


  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here