An Update on Security Enhancements

The following update will keep you informed about how we are addressing and resolving the incident with the Mailchimp Newsletter Element. 

Why we were unlisted

On April 30, 2021, a potential security gap with the Mailchimp Newsletter Element was detected. As merchant security is one of our top priorities, we took immediate action to protect individuals who may be at risk.


The issue was resolved within 2 days of detection. However, GemPages was kept delisted for 6 months as a precautionary measure. We have taken this opportunity to strengthen our product security.


Alongside internal security checks, we also worked with Cobalt, a pen-testing firm, to address all security vulnerabilities. As of now, we are confident that the GemPages app is fully protected.


GemPages puts merchant security above all else and vows to be completely transparent with merchants. We apologize for any inconvenience this may have caused.

Our security enhancements

Right after the incident

When Shopify informed us about the issue, our team quickly tested and updated all affected stores to ensure the security of the integration. 

 

We also sent an announcement via email, issued detailed guidelines on how to use the updated element, and provided alternative solutions to all affected stores.

 

To make sure this incident does not happen again, the Mailchimp integration was removed from GemPages.

During the delisted period

We’ve been working hard to carefully test and check the app along with other integrations. We have also worked closely with Cobalt, a US-based pentesting firm with a great reputation, to perform penetration tests on GemPages.

 

We want to inform you that no major security risk was detected in GemPages, and all recommendations from Cobalt have been deliberately implemented. If you would like further information, please contact us for the full report.


We’ve addressed all risks except one related to the template sharing feature. According to the app’s Terms of Service, users take full responsibility for the content they generate via the feature. But we will take appropriate measures to monitor and report any misconduct.

Moving forward

Protecting our customers will always be our company’s top priority. We are committed to maintaining and enhancing security, as well as providing strong protections for our customers. For more information, please check out our updated Privacy Policy & Terms of Service.


If you have any concerns about your personal security, let us know via email or live chat. Thank you for your trust and understanding.

 

