Names, emails, addresses and products purchased by each customer of the Spanish online sex shop Platanomelón have been filtered

In July 2020, the online commerce platform Shopify reported an incident in which two of its technical support employees participated in a plan to obtain customer transaction records from certain merchants.

Those employees were immediately fired and an investigation was launched involving authorities, including the FBI. However, it was not until the end of the year in question that Spotify informed the Spanish portal Platanomelón that they had been one of the victims of the incident.

It was not a technical but human vulnerability

Shopify The Exterior 1 Blog

The breach led to the exposure of personal data of store customers, including names, surnames, email addresses, home address, telephone numbers, and even products purchased by each customer.

Platanomelón is a well-known Spanish erotic online store, so these types of personal data could expose affected customers to cyber extortion. The web sent an email to all its clients explaining in detail what happened, clarifying that at no time were financial data or passwords exposedas these are not stored in Shopify.

Privacy on the Internet does not exist and the Ashley Madison case is yet another proof

The online store also notified the Spanish Data Protection Agency and they say they do not expect any further negative consequences, essentially because it was not a technical glitch, but the result of two rogue Shopify employees.

The recommendation of The experts In case of being affected by an extortion campaign not to spread this data, it is to ignore them and report them. Unlike cases like those of the famous website for adulterers Ashley Madison, it is not known that this data has been made public so far somewhere on the web, and although they have less scandalous potential for those affected, it is not completely harmless.