fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Popular Shopify App Exposes Private Data Of Thousands Of Shoppers

Popular Shopify App Exposes Private Data Of Thousands Of Shoppers

The app in duscission is Shopify dropshipping app called Topdser which is also the official partner dropshipping app of AliExpress.

A mainstream Shopify app was leaking sensitive data and as a result, thousands of customers were affected. The app exposed private data of Shopify customers, including credit card data and personal details.

The Origins of the Leak Unclear

VPNMentor researchers who identified the data aren’t 100% sure about the actual originating point of the data leak. However, as per the evidence they have found, Shopify dropshipping app Topdser caused the leak.

Topdser is quite similar to Oberlo app that connects Shopify websites with AliExpress and automates other business processes.

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

“In this case, we couldn’t conclude with 100% certainty that Topdser was responsible for the data leak, although there’s considerable evidence to suggest it was,” said vpnMentor’s blog post shared with Hackread.com

The links embedded in the data were directed to the website of Topdser as no other company can gain access or permissions required to create them.

Thousands of Shoppers Impacted

Researchers state that over 100,000 purchase data was compromised from more than 17,000 Shopify stores. Additionally, researchers revealed that the exposed data was around 13GB at the time of discovery, but on Shodan, the total size of data was 95+ GB.

Similarly, at the time of discovery, the researchers noted that the number of leaked records was 17.5 million; however, Shodan revealed that 23 million records were compromised in total. This means the data leak could have impacted roughly 80,000 to 100,000 customers.

Popular Shopify app exposes private data of thousands of shoppers
Screenshot shared by vpnMentor shows leaked data includes order details, credit card, and PII data.

Shopify has been Notified

VPNMentor team discovered the data leak on 21st Nov 2020 and immediately notified Shopify since the exposed data belonged to Shopify. However, it is worth noting that the company is not responsible for the leak.

The research team also contacted Topdser on the same day to close the vulnerability and secure the exposed data. The database was taken offline on 24h Nov 2020, but none of the companies responded or released an official statement.

Also Read: Personal Data Websites: 3 Things That You Must Be Informed

This is a serious issue since the exposed data can be used to steal from or defraud thousands of Shopify shoppers worldwide.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us