We’ve seen all kinds of data breaches from outside hackers, and occasionally, as happened with Twitter, breaches that occurred as outsiders phished employeee credentials for access, but for Shopify, the threat came from inside. The company’s software enables online shopping for other businesses, and in a blog post it revealed that two employees were caught “in a scheme to obtain customer transactional records of certain merchants.”
It’s unclear how much data they actually stole, which the blog post said came from fewer than 200 merchants. The information access included stuff like contact information as well as order details of what was purchased, but for now, the company says it did not include payment information like credit card or account numbers.