Why we were unlisted
On April 30, 2021, a potential security gap with the Mailchimp Newsletter element was detected. As merchant security is one of our top priorities, we took immediate action to protect individuals who may be at risk.
The issue was resolved within 2 days of detection. However, GemPages was kept delisted for 6 months as a precautionary measure. We have taken this opportunity to strengthen our product security.
Alongside internal security checks, we also worked with Cobalt, a pentesting firm, to address all security vulnerabilities. As of now, we are confident that the GemPages app is fully protected.
GemPages puts merchant security above all else and vows to be completely transparent with merchants. We apologize for any inconvenience this may have caused.
Our security enhancements
Right after the incident
When Shopify informed us about the issue, our team quickly tested and updated all affected stores to ensure the security of the integration.
We also sent an announcement via email, issued detailed guidelines on how to use the updated element, and provided alternative solutions to all affected stores.
To make sure this incident does not happen again, the Mailchimp integration was removed from GemPages.
During the delisted period
We’ve been working hard to carefully test and check the app along with other integrations. We've also worked closely with Cobalt to perform penetration tests on GemPages.
As of now, no major security risk has been detected in GemPages, and all recommendations from Cobalt have been deliberately implemented. If you would like further information, please contact us for the full report.
We’ve addressed all risks except one related to the template sharing feature. According to the app’s Terms of Service, users take full responsibility for the content they generate via the feature. But we will take appropriate measures to monitor and report any misconduct.