Shopify customer database compromise at Seiko USA following website defacement
Summary
Hide ▲
Show ▼
Seiko USA’s website was defaced over the weekend with a ransom demand falsely claiming the theft of its Shopify customer database. Visitors to the Press Lounge section encountered an attacker-controlled page alleging full compromise of Shopify backend systems. The threat actors threatened to publish exfiltrated customer data unless a ransom was paid within 72 hours. The claimed stolen dataset includes names, email addresses, phone numbers, order history, transaction details, shipping addresses, shipping preferences, account creation dates, and customer notes. The attackers provided a specific Shopify account ID to verify contact and instructed Seiko USA to negotiate via an email address added to that account. The defacement was later removed by Seiko USA, but no public confirmation of the incident has been issued.
Timeline
-
20.04.2026 21:22 1 articles · 4h ago
Seiko USA Shopify customer database compromise claimed via website defacement
Website defacement in the Press Lounge section of Seiko USA’s site displayed a ransom demand alleging theft of Shopify customer data. Attackers claimed to have accessed the backend, exfiltrated customer information, and threatened data release within 72 hours unless ransom negotiations were initiated via a specified Shopify account contact method. The defacement was later removed by Seiko USA.
Show sources
- Seiko USA website defaced as hacker claims customer data theft — www.bleepingcomputer.com — 20.04.2026 21:22
Information Snippets
-
Attackers defaced the Press Lounge section of Seiko USA’s website, replacing content with a ransom demand claiming access to the company’s Shopify backend and theft of its customer database.
First reported: 20.04.2026 21:221 source, 1 articleShow sources
- Seiko USA website defaced as hacker claims customer data theft — www.bleepingcomputer.com — 20.04.2026 21:22
-
The attackers alleged they exfiltrated a Shopify customer database containing names, email addresses, phone numbers, order history, transaction details, shipping addresses, shipping preferences, account creation dates, and customer notes.
First reported: 20.04.2026 21:221 source, 1 articleShow sources
- Seiko USA website defaced as hacker claims customer data theft — www.bleepingcomputer.com — 20.04.2026 21:22
-
The extortion message instructed Seiko USA to locate and contact a specific Shopify account (ID 8069776801871), where a contact email had allegedly been added by the attackers for negotiations.
First reported: 20.04.2026 21:221 source, 1 articleShow sources
- Seiko USA website defaced as hacker claims customer data theft — www.bleepingcomputer.com — 20.04.2026 21:22
-
The attackers imposed a 72-hour deadline for Seiko USA to initiate negotiations or threatened to publish the alleged stolen data publicly.
First reported: 20.04.2026 21:221 source, 1 articleShow sources
- Seiko USA website defaced as hacker claims customer data theft — www.bleepingcomputer.com — 20.04.2026 21:22
-
Seiko USA has not publicly confirmed the incident and removed the defacement page shortly after its appearance. No attribution to a known threat actor has been established.
First reported: 20.04.2026 21:221 source, 1 articleShow sources
- Seiko USA website defaced as hacker claims customer data theft — www.bleepingcomputer.com — 20.04.2026 21:22