{"id":1776,"date":"2023-02-15T12:26:19","date_gmt":"2023-02-15T12:26:19","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=1776"},"modified":"2023-06-24T11:13:53","modified_gmt":"2023-06-24T11:13:53","slug":"15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/","title":{"rendered":"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass"},"content":{"rendered":"<h2>What is Account Takeover?<\/h2>\n<p><strong>Account takeover<\/strong> (ATO) is a type of cyber attack where an unauthorized person gains access to a user&#8217;s account. This can happen due to various factors such as weak passwords, phishing attacks, or unpatched software. 
Attackers can use the compromised account to perform fraudulent activities or steal sensitive information.<\/p>\n<p>&nbsp;<\/p>\n<h2>The Story<\/h2>\n<p><em>In 2020, a security researcher known as &#8220;<strong><a href=\"https:\/\/hackerone.com\/ngalog?type=user\">ngalog<\/a><\/strong>&#8221; revealed a significant security flaw in <strong>Shopify&#8217;s email confirmation system<\/strong><\/em> which could then be escalated to a <a href=\"https:\/\/secry.me\/explore\/bug-bounty\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/\">Shopify account takeover<\/a>.<em> According to the report, any individual could take over any store account by bypassing the email confirmation step on <strong>*.myshopify.com<\/strong>. The researcher found a way to confirm arbitrary emails, and after confirming an arbitrary email in *.myshopify.com, the user would then be able to integrate with other Shopify stores that share the same email address by setting a master password for all of the stores, effectively taking over every Shopify store by knowing just the owner&#8217;s email address.<\/em><\/p>\n<p>&nbsp;<\/p>\n<h2>Ngalog Explains the Steps to Reproduce<\/h2>\n<p>The flaw occurs because Shopify&#8217;s email system mistakenly sends the confirmation link for a new email address to the address used to sign up.<\/p>\n<p>The bug in the email system allows users to confirm an arbitrary email address, leading to a takeover of the user&#8217;s Shopify instance by taking advantage of the <strong>Single Sign-On<\/strong> (SSO).<\/p>\n<p>The steps to reproduce the vulnerability are simple. One needs to visit the Shopify website and sign up for a free trial with an email address that can receive emails.<\/p>\n<p>Then, the user must change their email address to that of someone they want to take over and save it. 
Upon receiving the confirmation email, the user can click on the link sent by the email system and confirm the arbitrary email address.<\/p>\n<p>With the ability to confirm arbitrary emails on *.myshopify.com, the attacker can leverage the SSO to set a master password for all other stores under the same email address. This way, the attacker gains access to all the stores connected to the email address.<\/p>\n<p>&nbsp;<\/p>\n<h2>Earn a USD 15,000 Bounty and USD 1,000 for being the Most Impactful Hacker in Shopify<\/h2>\n<p>This flaw has significant security implications, and Shopify has recognized this by rewarding ngalog with a total of <strong>$15,000<\/strong>.<\/p>\n<p>Shopify has also offered a <strong>$1,000<\/strong> reward to the most impactful hacker of 2020 based on the number of valid reports and bounties earned.<\/p>\n<p>Shopify urged all its users to update their passwords and check their email records for any suspicious activities. The company also released a patch to fix the vulnerability in its email confirmation system. As the security researcher&#8217;s report shows, even big companies like Shopify can still have vulnerabilities that can be exploited by hackers.<\/p>\n<p>Hence, it is essential to remain vigilant and implement security measures to prevent any unauthorized access to sensitive information.<\/p>\n<p>&nbsp;<\/p>\n<h2>How to Prevent Account Takeover?<\/h2>\n<p>To prevent account takeover, it is essential to implement several measures to protect user accounts from unauthorized access. One of the most important measures is to encourage users to create strong and unique passwords for each account. Passwords should be complex and difficult to guess, and users should avoid using the same password across multiple accounts.<\/p>\n<p>Here are some steps to prevent Account Takeover:<\/p>\n<ol>\n<li>Multi-factor authentication is another essential measure to prevent account takeover. 
By requiring additional authentication factors beyond passwords, such as SMS codes, security tokens, or biometric scans (for example, a fingerprint), multi-factor authentication (2FA) provides an extra layer of security to protect against unauthorized access.<\/li>\n<li>Conduct regular security testing: Identify vulnerabilities and weaknesses in the application through penetration testing, vulnerability scanning, and code review.<\/li>\n<li>Implement security best practices: Ensure that application development follows security best practices, such as hashing parameters or values, salting passwords, and using secure coding techniques.<\/li>\n<li>Regular security updates and patches are also critical for preventing account takeover. Keeping software, firmware, and operating systems up-to-date ensures that known vulnerabilities are patched and that the account is secured against potential threats.<\/li>\n<li>Use access controls: Implement access controls to limit access to sensitive parts of the application and data. This includes role-based access control (RBAC), permission levels, and authentication and authorization mechanisms.<\/li>\n<li>In addition, monitoring user accounts for suspicious activity can help prevent account takeover. By analyzing login patterns and user behavior, security teams can quickly detect and respond to potential security breaches before they cause significant damage.<\/li>\n<li>Finally, user education and awareness are also essential for preventing account takeover. 
Users should be educated on best practices for creating and managing strong passwords, how to detect and report suspicious activity, and how to avoid phishing and social engineering attacks.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Hackerone Report: <\/strong><a href=\"https:\/\/secry.me\/explore\/87jo\"><em>here<\/em><\/a><\/p>\n\n<div style=\"font-size: 0px; height: 0px; line-height: 
0px; margin: 0; padding: 0; clear: both;\"><\/div>","protected":false},"excerpt":{"rendered":"<p>What is Account Takeover? Account takeover (ATO) is a type of cyber attack where an unauthorized person gains access to a user&#8217;s account. This can happen due to various factors such as weak passwords, phishing attacks, or unpatched software. Attackers can use the compromised account to perform fraudulent activities or steal sensitive information. &nbsp; The [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1778,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[107,136,106],"tags":[157,13,177,159,176],"class_list":{"0":"post-1776","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-account-takeover","8":"category-bug-bounty","9":"category-takeover","10":"tag-accountakeover","11":"tag-bug-bounty","12":"tag-email-system","13":"tag-shopify","14":"tag-store-takeover"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass | SECRY<\/title>\n<meta name=\"description\" content=\"What is Account Takeover? Account takeover (ATO) is a type of cyber attack where an unauthorized person gains access to a user&#039;s account. 
This can happen\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass | SECRY\" \/>\n<meta property=\"og:description\" content=\"What is Account Takeover? Account takeover (ATO) is a type of cyber attack where an unauthorized person gains access to a user&#039;s account. This can happen\" \/>\n<meta property=\"og:url\" content=\"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-15T12:26:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-24T11:13:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/02\/15.000-USD-Account-Takeover.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/bf08de9f590b8968a1d054728257190f\"},\"headline\":\"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass\",\"datePublished\":\"2023-02-15T12:26:19+00:00\",\"dateModified\":\"2023-06-24T11:13:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/\"},\"wordCount\":790,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/15.000-USD-Account-Takeover.png\",\"keywords\":[\"Account Takeover\",\"Bug Bounty\",\"Email System\",\"shopify\",\"Store Takeover\"],\"articleSection\":[\"Account Takeover\",\"Bug 
Bounty\",\"Takeover\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/\",\"name\":\"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass | SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/15.000-USD-Account-Takeover.png\",\"datePublished\":\"2023-02-15T12:26:19+00:00\",\"dateModified\":\"2023-06-24T11:13:53+00:00\",\"description\":\"What is Account Takeover? Account takeover (ATO) is a type of cyber attack where an unauthorized person gains access to a user's account. 
This can happen\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/15.000-USD-Account-Takeover.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/15.000-USD-Account-Takeover.png\",\"width\":1280,\"height\":720,\"caption\":\"shopify account takeover\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security 
Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/bf08de9f590b8968a1d054728257190f\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the 
cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass | SECRY","description":"What is Account Takeover? Account takeover (ATO) is a type of cyber attack where an unauthorized person gains access to a user's account. This can happen","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/","og_locale":"en_US","og_type":"article","og_title":"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass | SECRY","og_description":"What is Account Takeover? Account takeover (ATO) is a type of cyber attack where an unauthorized person gains access to a user's account. 
This can happen","og_url":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2023-02-15T12:26:19+00:00","article_modified_time":"2023-06-24T11:13:53+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/02\/15.000-USD-Account-Takeover.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/bf08de9f590b8968a1d054728257190f"},"headline":"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass","datePublished":"2023-02-15T12:26:19+00:00","dateModified":"2023-06-24T11:13:53+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/"},"wordCount":790,"commentCount":0,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/15.000-USD-Account-Takeover.png","keywords":["Account Takeover","Bug Bounty","Email System","shopify","Store Takeover"],"articleSection":["Account Takeover","Bug 
Bounty","Takeover"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/","url":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/","name":"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass | SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/15.000-USD-Account-Takeover.png","datePublished":"2023-02-15T12:26:19+00:00","dateModified":"2023-06-24T11:13:53+00:00","description":"What is Account Takeover? Account takeover (ATO) is a type of cyber attack where an unauthorized person gains access to a user's account. 
This can happen","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/15.000-USD-Account-Takeover.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/02\/15.000-USD-Account-Takeover.png","width":1280,"height":720,"caption":"shopify account takeover"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/15000-usd-shopify-account-takeover-vulnerability-through-email-confirmation-bypass\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"15000 USD Shopify Account Takeover Vulnerability Through Email Confirmation Bypass"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story 
Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/bf08de9f590b8968a1d054728257190f","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. 
Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/1776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=1776"}],"version-history":[{"count":21,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/1776\/revisions"}],"predecessor-version":[{"id":2590,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/1776\/revisions\/2590"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/1778"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=1776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=1776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=1776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}