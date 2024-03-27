Ransomware, Data Security, Privacy

Nearly 2K Shopify stores’ data exposed by plugins

Hacker attack computer hardware microchip while process data through internet network, 3d rendering insecure Cyber Security exploit database breach concept, virus malware unlock warning screen

Credit: Adobe Stock Images

More than 1,800 stores on major e-commerce platform Shopify using Saara's EcoReturns and WyseMe plugins had 25 GB of data exposed due to the developer's misconfigured MongoDB database, according to Cybernews.

Such a database included details from over 7.6 million individual orders, including customers' names, delivery, email, and IP addresses, phone numbers, ordered item information, order tracking numbers, user agents, and partial payment details, reported Cybernews researchers, who also discovered a ransom note within the database that demanded nearly $640 worth of bitcoin.

While the database was reported to be open for eight months before being secured, Saara founder and CEO emphasized that the password-protected database did not have sensitive data.

Such a development highlights the risks associated with third-party services, which should prompt comprehensive third-party plugin audits among e-commerce store developers, and the importance of data encryption and anonymization efforts to curb possible data exposure.

Related

Massive TheMoon bot campaign hits outdated routers, IoT devices

Attacks with an updated TheMoon botnet variant have impacted more than 40,000 end-of-life small office and home office routers and internet of things devices across 88 countries during the first two months of 2024, while the botnet's latest campaign earlier this month facilitated the compromise of over 6,000 Asus routers in less than three days, Security Affairs reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.