A known threat actor on the BreachForums who uses the moniker ‘888’ has shared data allegedly stolen from Shopify in a data breach incident. The data is claimed to consist personal details, email subscriptions and order-related information of its users.
Shopify Inc. is a Canada-based multinational business that offers a proprietary e-commerce platform along with integrations to allow individuals, retailers and other businesses to setup their own online stores or retail point-of-sale websites.
Alleged Shopify Data Breach
The Shopify data breach claims to contain 179,873 rows of user information. These records allegedly include Shopify ID, First Name, Last Name, Email, Mobile, Orders Count, Total spent, Email subscriptions, Email subscription dates, SMS subscription, and SMS subscription dates.
The Cyber Express could not verify the authenticity of these claims but the threat actor has a high-ranking reputation within the BreachForums community that has earned him the title of ‘Kingpin.’ The breach could possibly have stemmed from a recent data breach incident impacting Evolve Bank and Trust.
Evolve Bank and Trust is a supporting partner of Shopify Balance, a money management integration built-in to the admin pages of Shopify stores. The bank is also a third-party issuer of Affirm debit cards.
Recent Evolve Bank and Trust Data Breach
Towards the end of June, the Evolve Bank confirmed that it had been impacted by a cybersecurity incident claimed by LockBit. The bank disclosed that the stolen data included sensitive personal information such as names, social security numbers(SSNs), dates of birth, and account details, among other data.
In an official statement in response to the Evolve data breach, the bank said, “Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization that appears to have illegally obtained and released on the dark web the data and personal information of some Evolve retail bank customers and financial technology partners’ customers (end users).”
Later, the financial firm Affirm Holdings had confirmed that it had also been affected by the Evolve Bank and Trust Data Breach. The firm stated in a security notice on its website, “Affirm is aware of a cybersecurity incident involving Evolve, a third party vendor that serves as an issuing partner on the Affirm Card. We are actively investigating the issue. We will communicate directly with any impacted consumers as we learn more.”
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.