Philadelphia business owner falls victim to cyber attack

Cyber security expert Rob D'Ovidio said this is a lesson for everyone about the importance of two-factor authentication.

By Nydia Han and Heather Grubola
Wednesday, December 15, 2021

PHILADELPHIA (WPVI) -- A small business in Philadelphia recently fell victim to cyber hackers.

The owner says all their sales from Black Friday and Small Business Saturday are now gone.

To have it happen during the most critical time of the year is devastating, and it's a reminder about security features everyone should make sure are in place.

Ali's Wagon, a gift shop, has been a staple on Fairmount Avenue for 15 years.

"We opened when my daughter was one, and she's about to be 16," said Jessie Menken.

Menken uses Shopify for credit card transactions. Shopify processes the sale, takes out its fees, and puts the rest in Menken's bank account.

"And that's what's been removed. Our bank account was no longer connected to our Shopify," she explained.

Menken said cyber thieves stole more than $30,000 by replacing her bank account with three different ones.

"Three new accounts really should have set off a major alarm," she said. "And so everything should have just been frozen until Shopify heard from me."

But Menken said Shopify only sent an email that her bank account had been changed, a message she didn't get until it was too late because the cyber thieves had hacked her email, too.

"I do want to say that no customers' cards were compromised in any way," she said.

Cyber security expert Rob D'Ovidio said this is a lesson for everyone about the importance of two-factor authentication.

He says that is the best form of protection across the industry.

"That should be a standard," D'Ovidio said.

Two-factor or multi-factor authentication requires a second form of validation before access is granted to an account.

"If you're working with a service and they're not, they don't have that two-factor authentication... run for the hills. Find another service that does that," he said.

D'Ovidio said this applies to business owners and consumers alike: don't just make sure multi-factor authentication is available, make sure it's activated.

"I don't think we're going to be able to make back half of what was lost. And that's really hard and scary," said Menken.

Shopify issued a statement regarding this incident:

At Shopify, we take the privacy and security of our merchants very seriously. We go to great lengths to help merchants manage their accounts more securely by providing guidelines and recommendations. We recommend that all merchants enable two-factor authentication to provide a more secure login process and to help prevent unauthorized access to a merchant's admin.