A researcher has uncovered a high-severity vulnerability in an e-commerce software platform used by 800,000 different online merchants. The vulnerability could have been abused to expose the traffic and revenue data for the stores. Shopify has since patched the flaw, which was first disclosed to Shopify in Oct. 13 2018, and fixed three days later. The bug-bounty program states participants may only test against shops they created; they cannot attempt to access or interact with other shops created; and must report any discovered vulnerability to the company.
Source: https://threatpost.com/shopify-flaw-exposed-merchant-revenue-traffic/143902/