Perhaps to complain about the hacker, a blogger published " Shopify API vulnerability leaked revenue data for thousands of stores " on znet and emphasized the note: Update: The bug is believed to be valid, but the researcher did not get paid. Fathi shared the whole process of how he got this data on medium : How I got revenue and traffic data for thousands of Shopify stores Shopify just put on its . Is Amazon's global site deliberately leaking the seller's real inventory? 18 The Python code even published in the Aliyun prophet community xz.aliyun/t/4832 As a technician, I carefully read the full text, analyzed the Python code content, and understood how fathi did it. On the one hand, there are some coincidences.
This kind of vulnerability is not unique to Shopify. In the early years, some other platforms could also obtain similar information by grabbing data packets. It's just that Shopify mobile number list carries too many stores, and a little carelessness may cause serious consequences. Of course, don't worry, Shopify's loopholes have long been blocked, and there are no serious consequences. In terms of data information security, Shopify has done much better than most domestic companies.
Don't forget, many third-party service providers, online erp, and third-party payment companies have mastered the seller's complete sales data through authorization, and whether these data will be used for illegal purposes depends entirely on the ethics and business ethics of the service provider. Isn't this a forced data leakage risk? From a technical point of view, even if Shopify does not close this loophole, it is difficult for ordinary people to discover and capture these data. At least you must know how to curl packets, understand the principle of DNS reverse proxy query, and understand Python programming Only with technology can there be opportunities for discovery. Therefore, there is no need to talk about Shopify leaking seller data. Most sellers in China do not have the technical ability to do this.