ADVERTISEMENT

Shopify plugins leaked data from nearly 2K stores

A vast amount of sensitive data of unsuspecting shoppers was exposed to threat actors by the e-commerce giant’s plugin developer, with millions of orders being leaked.

Spofitfy plugins Saara

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Mar 26, 2024 Updated: 8 December 2025 2 min read
Order Analytics entries revealing ordered items, email addresses
Order Analytics entries revealing ordered items, email addresses
  • EcoReturns: for AI-powered returns
  • WyseMe: to acquire top shoppers
  • EcoShip: for discounted shipping
  • SalesGPT: and AI e-commerce chatbot
Order details including payment information, addresses, names, phone numbers, ordered items
Order details including payment information, addresses, names, phone numbers, ordered items
Saara plugin
More order details revealing ordered items, tracking tokens, user agents, email addresses, IP addresses
ADVERTISEMENT
  • Customer names
  • Email addresses
  • Phone numbers
  • Addresses
  • Information about ordered items
  • Order tracking numbers and links
  • IP addresses
  • User agents
  • Partial payment information
Saata plugins leak
Incentive program for giving store credits instead of processing returns

Caution with third-party services

  • Snitch
  • Bliss Club
  • Steve Madden
  • The Tribe Concepts
  • Mesmerize India
  • Scoboo.in
  • By Invite Only
  • Baesic World
  • Fitville
  • OneOne Swimwear
  • Binky Bro
  • Off Duty India
List of shops
List of shops using the affected plugins and their license tokens
More customer details
More customer details
ADVERTISEMENT