robutacion
Member
G'day all,
As the title says, I have had and experience with Shopify that leaves me very disappointed and AU$1,000 in losses, this is what happened.
In middle November 2017, I noticed that someone was trying to hack into my Shopify account, for days I got emails trying to convince me that they were the real thing so I contacted Shopify, reported the hack attempt and requested they support, assistance in preventing the hacker to change anything.
Emails were going backs and forwards with Shopify and some weeks have passed before I was allowed to modify my account details and more importantly introduce a 2 stage login which seems to be the safest way to do things at the moment, this 2 stage system was implemented somewhere between the 14 and 16 December 2017, by then, I had stopped to receive the hackers emails/messages and my Shopify account seemed to be OK, so I thought...!
The Shopify payments are made through 2 main systems, if you pay with Paypal, Paypal will take care of it but if you use a credit card, Shopify has offered to process these transactions where Shopify receives the money and a few days later they transfer it (once weekly or so) to the bank account I had designated for that.
This system had been working OK so, I didn't think in changing anything at this point, I have no control over what people prefer to pay with and while Paypal payments are pretty much available immediately, credit card payments will take a few days to process but that is OK.
I know that sales have been slow since the beginning of the year so, the income from sales was catchy and patchy and we have been struggling a bit but surviving. I have to admit that, I don't follow every web-store payment, I let things work for itself, Paypal payments are normally more visible with notifications, etc., but for the bank transfers, I got used to looking at my Shopify account and "payouts" made into my bank account from the list and dates provided by Shopify and as far as I could see, looking into payouts since the beginning of 2018, they all seemed to be OK however, the money available on my bank account never seemed to be enough.
Last weekend (24/25-03-2018) I decided to print a list of Shopify payouts for that period and went into my bank account to confirm the transfer of these payouts but, what I discover stunned me, the Shopify payments from January 2018 onwards were not in my bank account, further searching did allow me to establish the fact that, the last payout received on my bank account was from the 8/12/2017 all payouts after that were not entered into my account.
It took me awhile to find the problem and when I did, I immediately contacted Shopify about it.
Later that day they confirmed that on the 12 December 2017 someone changed the payout bank details on my account and that, payments have been transferred to the hackers account, a total of just over AU$1,000
The very first think Shopify said was that they were not liable for any losses and that wasn't their fault that someone got my login details and changed the account info, however, and as I mentioned at the beginning of this post, the account details changed exactly when I was still waiting to be provided with the 2 stage login and while I believed that Shopify was taking a good look at any attempts from the hacker, this happened under their watch.
By now its Wednesday and I'm still trying to make some sense of the situation, I manage to get some info from Shopify about the hackers info however, I was only given the last 4 digits of the hackers bank account and no BSB info at all. It was determined that the hacker as in the Victoria area and the account was from the National Australia Bank.
Yesterday (Thursday) we went to see my bank and NAB and explain the situation, in both cases they said they couldn't help so I went to the Police Station to report the theft and internet fraud. The Police officer as most helpful and himself could not believe the situation I got myself into, he proceeds to make 2 reports, one for the internal Police investigation and the other to ACORN (Australian Cybercrime Online Reporting Network).
The one issue the Police officer raised was the fact that, it seemed that Shopify was protecting the identity of the hacker, why only give the last 4 numbers of his bank account..? that is pretty much useless, the full account numbers and BSB are required for the investigation.
So today I contacted Shopify and expressed the Police view on Shopify unwillingness to provide the hackers full details they have on hand and also the fact that Shopify emailed me saying that they can not provide the info I require, only the Court can do that and I have to go through the appropriate requests to initiate the info required.
I'm waiting for Shopify response and I need to contact the Police of Shopify's stand on the hackers true identification, there is, the NAB bank account where my money was stolen to.
Make no confusion, I and everyone else I spoke to know that I will never see the money, hackers use these accounts as a "base" to where the stolen money is deposited into, however, there will be other attached accounts where the money is transferred to and leaving no trace.
Anyone that has had something stolen from them will understand how I/we feel, why were we targeted..? well, it may be the fact that these people look into web-stores that appear on the top of the search pages and while that has been the case with our store, is not because of the volume of sales we produce but instead from the uniqueness of the store nature and the number of people that stop to have a look.
The moral of this story is never say never, one day your turn will come and this applies to more realities I dare to mention, the one thing I suggest you do to get some extra protection from hackers (there is until hackers get on top of this), get yourself a 2 stage login, it basically works by changing your username and password and then create the second login stage but introducing a code that will be sent to a different email/phone, etc, without this code, you won't be able to login.
I will have to wait for any news from the Police and as soon as I do, you guys will be the first ones to know about it.
Take care,
Cheers
George
As the title says, I have had and experience with Shopify that leaves me very disappointed and AU$1,000 in losses, this is what happened.
In middle November 2017, I noticed that someone was trying to hack into my Shopify account, for days I got emails trying to convince me that they were the real thing so I contacted Shopify, reported the hack attempt and requested they support, assistance in preventing the hacker to change anything.
Emails were going backs and forwards with Shopify and some weeks have passed before I was allowed to modify my account details and more importantly introduce a 2 stage login which seems to be the safest way to do things at the moment, this 2 stage system was implemented somewhere between the 14 and 16 December 2017, by then, I had stopped to receive the hackers emails/messages and my Shopify account seemed to be OK, so I thought...!
The Shopify payments are made through 2 main systems, if you pay with Paypal, Paypal will take care of it but if you use a credit card, Shopify has offered to process these transactions where Shopify receives the money and a few days later they transfer it (once weekly or so) to the bank account I had designated for that.
This system had been working OK so, I didn't think in changing anything at this point, I have no control over what people prefer to pay with and while Paypal payments are pretty much available immediately, credit card payments will take a few days to process but that is OK.
I know that sales have been slow since the beginning of the year so, the income from sales was catchy and patchy and we have been struggling a bit but surviving. I have to admit that, I don't follow every web-store payment, I let things work for itself, Paypal payments are normally more visible with notifications, etc., but for the bank transfers, I got used to looking at my Shopify account and "payouts" made into my bank account from the list and dates provided by Shopify and as far as I could see, looking into payouts since the beginning of 2018, they all seemed to be OK however, the money available on my bank account never seemed to be enough.
Last weekend (24/25-03-2018) I decided to print a list of Shopify payouts for that period and went into my bank account to confirm the transfer of these payouts but, what I discover stunned me, the Shopify payments from January 2018 onwards were not in my bank account, further searching did allow me to establish the fact that, the last payout received on my bank account was from the 8/12/2017 all payouts after that were not entered into my account.
It took me awhile to find the problem and when I did, I immediately contacted Shopify about it.
Later that day they confirmed that on the 12 December 2017 someone changed the payout bank details on my account and that, payments have been transferred to the hackers account, a total of just over AU$1,000
The very first think Shopify said was that they were not liable for any losses and that wasn't their fault that someone got my login details and changed the account info, however, and as I mentioned at the beginning of this post, the account details changed exactly when I was still waiting to be provided with the 2 stage login and while I believed that Shopify was taking a good look at any attempts from the hacker, this happened under their watch.
By now its Wednesday and I'm still trying to make some sense of the situation, I manage to get some info from Shopify about the hackers info however, I was only given the last 4 digits of the hackers bank account and no BSB info at all. It was determined that the hacker as in the Victoria area and the account was from the National Australia Bank.
Yesterday (Thursday) we went to see my bank and NAB and explain the situation, in both cases they said they couldn't help so I went to the Police Station to report the theft and internet fraud. The Police officer as most helpful and himself could not believe the situation I got myself into, he proceeds to make 2 reports, one for the internal Police investigation and the other to ACORN (Australian Cybercrime Online Reporting Network).
The one issue the Police officer raised was the fact that, it seemed that Shopify was protecting the identity of the hacker, why only give the last 4 numbers of his bank account..? that is pretty much useless, the full account numbers and BSB are required for the investigation.
So today I contacted Shopify and expressed the Police view on Shopify unwillingness to provide the hackers full details they have on hand and also the fact that Shopify emailed me saying that they can not provide the info I require, only the Court can do that and I have to go through the appropriate requests to initiate the info required.
I'm waiting for Shopify response and I need to contact the Police of Shopify's stand on the hackers true identification, there is, the NAB bank account where my money was stolen to.
Make no confusion, I and everyone else I spoke to know that I will never see the money, hackers use these accounts as a "base" to where the stolen money is deposited into, however, there will be other attached accounts where the money is transferred to and leaving no trace.
Anyone that has had something stolen from them will understand how I/we feel, why were we targeted..? well, it may be the fact that these people look into web-stores that appear on the top of the search pages and while that has been the case with our store, is not because of the volume of sales we produce but instead from the uniqueness of the store nature and the number of people that stop to have a look.
The moral of this story is never say never, one day your turn will come and this applies to more realities I dare to mention, the one thing I suggest you do to get some extra protection from hackers (there is until hackers get on top of this), get yourself a 2 stage login, it basically works by changing your username and password and then create the second login stage but introducing a code that will be sent to a different email/phone, etc, without this code, you won't be able to login.
I will have to wait for any news from the Police and as soon as I do, you guys will be the first ones to know about it.
Take care,
Cheers
George
