We’ve seen all kinds of data breaches from outside hackers, and occasionally, as happened with Twitter, breaches that occurred as outsiders phished employeee credentials for access, but for Shopify, the threat came from inside. The company’s software enables online shopping for other businesses, and in a blog post it revealed that two employees were caught “in a scheme to obtain customer transactional records of certain merchants.”
It’s unclear how much data they actually stole, which the blog post said came from fewer than 200 merchants. The information access included stuff like contact information as well as order details of what was purchased, but for now, the company says it did not include payment information like credit card or account numbers.
Shopify didn’t list the affected stores, but says it did inform them directly. Bloomberg reports that Pure, a cosmetics seller, notified customers of the breach, saying it occurred on September 15th. For now, you’ll probably have to keep an eye on your inbox, as it may not be obvious which sellers you interact with rely on the popular Shopify software kit.