Shopify is asking customers to change their passwords in the wake of a large security breach. The report comes less than a month after Shopify said “rogue” employees had siphoned usernames and encrypted credit card data. Shopify has admitted the data breach was a result of the attackers taking advantage of “a security flaw.”
The thieves gained access to customer and merchant data. In particular, Shopify says the information compromised was credit card numbers, payment card expiration dates, and user names. The hackers are believed to have accessed 2.8 million payment cards and the data of 280,000 Shopify merchants. The attack occurred between February and March this year.
Those affected include customers who visited the company’s website, downloaded a code, or installed one of a number of plugins on their Shopify account. Currently, Shopify is working to remove all the malicious software found on its systems.
Shopify’s John Hall said that the company has changed its payment processing processes to make it harder for the hackers to access card information, which could result in less merchants potentially losing money from fraudulent transactions.
Shopify added that security experts are currently investigating the breach. So far, it’s still unclear what the perpetrators did with this valuable information.