This past weekend, VPNMentor published a report detailing a security vulnerability that occurred in November of last year. We feel it is important to offer you – our valued Bestdealer community – some relevant background information to put the incident into perspective. To be clear, there are no active security issues to be concerned with. This incident dated back to November 2020 and was swiftly resolved. It’s also worth noting that the incident in question occurred as the result of a configuration error and was not caused by outside parties attempting to access our system.
In November 2020, we were notified by Shopify of a security vulnerability detected within the Bestdealer app. As a precaution, our app was temporarily removed from the Shopify App Store while we addressed the issue.
Within 24 hours of Shopify notifying us of the issue, we had identified and resolved the vulnerability in question. We then conducted a thorough investigation to identify the source of the problem, and we subsequently took a series of actions to enforce the highest data security practices throughout our workflows to prevent similar issues from arising in the future.
To further ensure the trust and safety of our community, we contracted an outside security service provider to conduct a full penetration test. This third-party testing showed that all the vulnerabilities were patched as a result of our new security measures.
In December 2020, Shopify relisted our application in their App Store after we confirmed the vulnerability was remediated, additional security measures were implemented and we demonstrated full compliance with their data security standards. We also notified our users of the security vulnerability in November 2020 to make them aware of the situation so they could address any security concerns raised by their customers.
At Bestdealer, we are committed to providing a secure dropshipping platform for our customers, so they in turn can provide the best level of service to their customers. Thank you for your continued support, and please don’t hesitate to reach out to us directly with any questions or concerns.