New Delhi, Tech Desk. The sensitive data of over four million mobile phone users is at risk of being hacked after cyber security researchers on Friday disclosed a critical security flaw in Shopify application programming interface (API) keys/tokens. Today we will give you all the information related to it.
information found in the report
CloudSEK’s BeVigil, a security search engine used for mobile apps, revealed some cyber vulnerabilities for Shopify that put sensitive data of more than four million mobile customers at risk.
Threat on e-commerce apps
Out of millions of Android apps, 21 e-commerce apps were identified, 22 of which had hardcoded Shopify API keys/tokens, potentially exposing personally identifiable information (PII) to threats. Hardcoding an API key makes the keys visible to anyone with access to the code, including attackers or unauthenticated users.
Will be able to access important information
Security researchers said that if an attacker gains access to the hardcoded key, they can use it to access sensitive data or perform actions on behalf of programs, even if they are not authorized to do so.
CloudSec senior security engineer Vishal Singh said the presence of hardcoded Shopify keys in other Android apps is another example of the industry’s lack of proper API security. This type of vulnerability exposes users’ personal information, as well as transaction and order details, to potential attackers.
What is Shopify?
Shopify is an e-commerce platform that allows individuals and businesses to set up an online store to sell their products. Shopify is used by over 4.4 million websites from over 175 countries globally.
It also allows integration of third-party applications and plugins to add additional functionality to the store with ease of creating an online store. Shopify can be used to sell physical and digital products, and it also offers a point-of-sale system for brick-and-mortar stores.
Read more : Android 14: The first Android update of 2023 will change the look of your phone
