ADVERTISEMENT

Shopify plugin exposes hundreds of websites to attacks

A trusted Shopify plugin designed to enforce privacy compliance ended up quietly exposing hundreds of online stores to serious security threats.

shopify plugin

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Jul 15, 2025 Updated: 15 July 2025 2 min read
Key takeaways:
Leaking plugin’s position on the Shopify App Store
Leaking plugin’s position on the Shopify App Store
Has my data been leaked?
Leaked Facebook tokens
Leaked Facebook tokens
ADVERTISEMENT

Attackers could take over e-shops

  • Site analytics data
  • Shopify Personal Access Tokens
  • Facebook Auth Tokens
Leaked Shopify personal access tokens
Leaked Shopify personal access tokens
vilius Gintaras Radauskas Ernestas Naprys Paulina Okunyte
Don’t miss our latest stories on Google News.
Add us as your Preferred Source on Google.
Other leaked tokens
Other leaked tokens

Timeline:

  • Leak discovered: April 15th, 2025
  • Initial disclosure: April 18th, 2025
  • Leak closed: May 28th, 2025
ADVERTISEMENT