Disputifier Shopify App Hack Exposes 200,000+ Merchant Records
Exposed API tokens in Disputifier's frontend allowed attackers to process unauthorized refunds and exfiltrate data from Shopify merchants. The app was delisted after the company allegedly refused bug bounty negotiations.