Shopify reports that two rogue employees stole data from 200 merchants on their platform. A security researcher found a vulnerability in the Medium Partner Program could have allowed an attacker to steal writers’ earnings. Symantec reports that a state-sponsored hacking group has been hiding out in company networks as a part of an information-stealing campaign. And Twitter reports that an API bug exposed app keys and tokens via a caching issue.
Here are timestamps and links in case you’d like to jump around, and a transcript is below.
0:12 Shopify Says ‘Rogue’ Employees Stole Data From Merchants
1:15 Flaw in