This kind of thing is so efficient, so sellers don't have to complain about feedback problems, and they can't be effectively dealt with for a long time. Let the feedback fly for half a month first...

Some time ago, an article titled "Thousands of Shopify sellers' income and transaction information was leaked" spread in the cross-border circle. The gist is that an overseas "hacker" found that some stores' transaction data was publicly exposed when he fetched JSON data from Shopify's API with curl. He then did reverse lookups on the CNAME record to obtain a list of all Shopify stores, and a Python automation program he wrote read through 800,000 Shopify stores; a total of 12,100 stores are at risk. Among them, the complete sales records and traffic mobile number list data of 8,700 stores since 2015 have been obtained, which are kept confidential and not made public, while the other 3,400 stores are expected to be bounty program, which is to reward those hacker programmers who help Shopify discover vulnerabilities and report them to Shopify, and reward him with a sum of money.
Bonus program: hackerone/shopify

Fathi reported the vulnerability to Shopify on October 13, 2018; the company acknowledged it on October 16 and fixed it on November 1. Then he wondered whether it was time to receive a Shopify bonus. The result: nothing! He received an email like this:

"While we appreciate your attempt to demonstrate the impact of the issues you've discovered, knowingly accessing other merchants' information rather than immediately reporting this to us is a matter of great concern to Shopify. Therefore, this report will not receive an error award."