Shopify says it has no evidence at this stage of the investigation that the data was used.
It says fewer than 200 merchants whose stores have been illegally accessed are at risk of having their customer data exposed. This data includes basic contact information, such as email address, name and address, as well as order details, such as products and services purchased.
Full payment card numbers or other sensitive personal or financial information was not affected.
Shopify, which is Canada’s most valuable company, says the incident was not the result of a technical vulnerability in its platform, and stressed that the vast majority of its customers are not affected.