Official dropshipping partner of AliExpress “Topdser” is the app under the question of compromising user data.
The mainstream Shopify app was leaking private data of users including their personal details and card numbers. Topdser is an app that connects Shopify websites with AliExpress and automates other business processes.
The links embedded in the data were directed to the website of Topdser as no other company can gain access or permissions required to create them. 17000 stores were impacted by the leak and a total of 100,000 purchase data was compromised.
The data at the time of discovery was around 13 GB but the final tally went up to 95+ GB. The number of leaked records was around 23 million, which means that around 80,000 to 100,000 individuals were impacted by this data leak.
Researchers have notified the Shopify organization about the leak as the data leaked belonged to the organization. Shopify however was not the one that caused the leak. The research team has also contacted Topdser to immediately secure the data and databases.
NPAV recommends all Shopify shoppers to be careful and beware of the fraudsters as they may use the compromised data to launch various cyber attacks. Install NPAV on your devices to keep them protected from all kinds of cyberattacks.
Use NPAV and join us on a mission to secure the cyber world.