{"id":26843,"date":"2019-04-18T11:26:44","date_gmt":"2019-04-18T11:26:44","guid":{"rendered":"http:\/\/9330f0ec-c9bb-4480-ba88-976e46e37c50"},"modified":"2019-04-18T11:26:44","modified_gmt":"2019-04-18T11:26:44","slug":"shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/","title":{"rendered":"Shopify API flaw offered access to revenue data of thousands of stores"},"content":{"rendered":"<p>A security flaw in a Shopify API endpoint has been discovered by a researcher which can be exploited to leak the revenue and traffic data of thousands of stores.<\/p>\n<p>Application security engineer and bug bounty hunter Ayoub Fathi disclosed his findings <a href=\"https:\/\/medium.com\/@ayoubfathi\/how-i-gained-access-to-revenue-and-traffic-data-of-thousands-of-shopify-stores-b6fe360cc369\" target=\"_blank\" rel=\"noopener noreferrer\">in a Medium blog post<\/a> this week.<\/p>\n<p>Shopify, which accounts for over 800,000 merchants in more than 175 countries, set up a new API over the past year which gained Fathi&#8217;s interest. This API was meant to be used to internally fetch sales data for graph presentations, but the system was found to be leaking the revenue data of two unnamed Shopify stores, one of which had been removed from the platform.<\/p>\n<p>The researcher set up a new store and used $storeName on the same API endpoint to test whether or not the system was vulnerable to an Insecure Direct Object Reference (IDOR) bug. However, this resulted in a 404 error.<\/p>\n<p>Fathi then decided to perform a mass check on all existing stores instead to see if any customer information would leak through the API.<\/p>\n<p>A script was built containing store names and vulnerable domains were filtered out after the wordlist was iterated against the endpoint.<\/p>\n<p>Out of 1000 stores, only four &#8212; one of which was closed &#8212; were shown to be vulnerable. However, the researcher dug deeper by using a larger dataset, containing 813,684 records, using Forward DNS.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_ZD_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>A further test of these records using a Bash script was then implemented, resulting in a list of vulnerable stores which were leaking the &#8220;sales data of Shopify merchants that includes a monthly breakdown of revenue in USD of thousands of stores from 2015 until today.&#8221;<\/p>\n<p>&#8220;We have a list of vulnerable stores, so if we query any of them, we would get a breakdown of monthly revenue data in USD of the current store during its lifetime,&#8221; the researcher added.<\/p>\n<p>The image below is an example of one shop owner&#8217;s revenue from 2015 until 2019.<\/p>\n<p><a rel=\"nofollow\" href=\"https:\/\/www.zdnet.com\/article\/shopify-api-flaw-offered-access-to-revenue-traffic-data-of-thousands-of-stores\/#modal-absolute-e130dda1-2190-480c-a729-8dc3f64757d0\" data-open=\"modal\"><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet2.cbsistatic.com\/hub\/i\/r\/2019\/04\/18\/e130dda1-2190-480c-a729-8dc3f64757d0\/resize\/470xauto\/2568b5547caecb08161275c41dcc5146\/1-botbjkm6bvvlz-cj5hbuda.jpg\" class alt=\"1-botbjkm6bvvlz-cj5hbuda.jpg\" height=\"auto\" width=\"470\"><\/span><\/a><\/p>\n<div class=\"modal infographic\" id=\"modal-absolute-e130dda1-2190-480c-a729-8dc3f64757d0\">\n<div class=\"modal-body\"><span class=\"img\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2019\/04\/18\/e130dda1-2190-480c-a729-8dc3f64757d0\/resize\/1170x878\/002e138a6f713bd6a09a7b9e09abda15\/1-botbjkm6bvvlz-cj5hbuda.jpg\" class alt height=\"878\" width=\"1170\"><\/span><\/div>\n<\/div>\n<p><strong>See also:&nbsp;<\/strong><a href=\"https:\/\/www.zdnet.com\/article\/eu-to-fund-bug-bounty-programs-for-14-open-source-projects-starting-january-2019\/\" target=\"_blank\">EU to fund bug bounty programs for 14 open source projects starting January 2019<\/a><\/p>\n<p>&#8220;This was tested on 800,000 merchant stores, +12,100 of them were exposed, +8700 were vulnerable stores that we were able to obtain their sales and traffic data and they should not be public, and 3400 are expected to have their sales data public,&#8221; Fathi said.<\/p>\n<p>Based on these findings, the researcher concluded that the leak was caused by the Shopify Exchange App, which was introduced a few months before the vulnerability seems to have appeared.<\/p>\n<p><strong>TechRepublic:&nbsp;<\/strong><a href=\"https:\/\/www.techrepublic.com\/article\/how-criminals-use-fraud-guides-from-the-dark-web-to-scam-organizations-and-individuals\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\">How criminals use fraud guides from the Dark Web to scam organizations and individuals<\/a><\/p>\n<p>The findings were sent to Spotify on 13 October 2019. The e-commerce platform acknowledged the findings three days later, fixing the issue within an hour of triage. Shopify then requested more information and the issue was closed on November 1.<\/p>\n<p>Shopify has resolved the leak but chose not to award a bug bounty payout. The company cited policy violations as the reason.<\/p>\n<p>During the researcher&#8217;s exploration, he &#8220;interacted with shops other than those created by [him],&#8221; which is in breach of the firm&#8217;s bug bounty rules.<\/p>\n<p>In an email to Fathi, Shopify said:<\/p>\n<blockquote readability=\"9\">\n<p>&#8220;While we appreciate you were trying to demonstrate the impact of the identified issue, intentionally accessing information of other merchants and not immediately reporting this to us is of significant concern to Shopify. As a result, this report will not be awarded a bug bounty.&#8221;<\/p>\n<\/blockquote>\n<p>The researcher believes the accusation related to not immediately reporting the bug is unfair considering the time it took to confirm the legitimacy of the security flaw. However, Fathi does accept that he broke the rules &#8212; but emphasized that this took place with the &#8220;best intention to demonstrate an impact and avoid sending a theoretical report without any working proof of concept.&#8221;<\/p>\n<p><strong>CNET:&nbsp;<\/strong><a href=\"https:\/\/www.cnet.com\/news\/lyft-reportedly-limits-employees-access-to-customer-data\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\">Lyft reportedly limits employees&#8217; access to customer data<\/a><\/p>\n<p>&#8220;I believe that I had no other way to demonstrate the existence of this particular security vulnerability if I have not proceeded it the way I did,&#8221; the researcher added. &#8220;Quite frankly, even the outcome of this report was not as expected, [&#8230;] it&#8217;s my fault at the end.&#8221;<\/p>\n<p>ZDNet has reached out to Shopify and will update if we hear back.&nbsp;<\/p>\n<h3>Previous and related coverage<\/h3>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/shopify-api-flaw-offered-access-to-revenue-traffic-data-of-thousands-of-stores\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The bug was accepted as valid, but the researcher wasn\u2019t paid.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":26844,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-26843","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Shopify API flaw offered access to revenue data of thousands of stores 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Shopify API flaw offered access to revenue data of thousands of stores 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-18T11:26:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"470\" \/>\n\t<meta property=\"og:image:height\" content=\"910\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Shopify API flaw offered access to revenue data of thousands of stores\",\"datePublished\":\"2019-04-18T11:26:44+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/\"},\"wordCount\":715,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/\",\"name\":\"Shopify API flaw offered access to revenue data of thousands of stores 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg\",\"datePublished\":\"2019-04-18T11:26:44+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg\",\"width\":470,\"height\":910},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Shopify API flaw offered access to revenue data of thousands of stores\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Shopify API flaw offered access to revenue data of thousands of stores 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/","og_locale":"en_US","og_type":"article","og_title":"Shopify API flaw offered access to revenue data of thousands of stores 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-04-18T11:26:44+00:00","og_image":[{"width":470,"height":910,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Shopify API flaw offered access to revenue data of thousands of stores","datePublished":"2019-04-18T11:26:44+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/"},"wordCount":715,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/","url":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/","name":"Shopify API flaw offered access to revenue data of thousands of stores 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg","datePublished":"2019-04-18T11:26:44+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores.jpg","width":470,"height":910},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/shopify-api-flaw-offered-access-to-revenue-data-of-thousands-of-stores\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Shopify API flaw offered access to revenue data of thousands of stores"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/26843","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=26843"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/26843\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/26844"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=26843"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=26843"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=26843"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}