Recurpay

We've been closely tracking the increasing targeting of e-commerce platforms and their associated service providers, noting a pattern of attackers seeking access to customer data through third-party integrations. What really struck us about the Recurpay breach wasn't the relatively modest number of affected users, but the breadth of data exposed and the potential for downstream attacks targeting Shopify merchants and their customers. The data had been circulating quietly in a known breach forum, but we noticed the detail in the exposed order information made it a higher-priority incident than the user count alone suggested.

Recurpay Breach: 14,805 Users' Data Exposed

In July 2025, Recurpay, an India-based subscription software company specializing in recurring billing and management for Shopify and other e-commerce platforms, suffered a data breach that affected 14,805 users. The breach was discovered on July 2nd, 2025, when a database dump appeared on a popular breach forum. What caught our attention was the level of detail included for each user, extending beyond basic contact information to include order details, potentially providing attackers with insights into customer purchasing habits and preferences. This type of data is particularly valuable for crafting highly targeted phishing campaigns or conducting account takeover attacks on e-commerce platforms.

This breach matters to enterprises now because it highlights the inherent risks in relying on third-party services for critical business functions like payment processing and subscription management. Even a relatively small vendor like Recurpay can serve as a gateway to a larger ecosystem of e-commerce businesses and their customers. This incident aligns with the broader threat theme of supply chain attacks, where attackers target smaller entities to gain access to larger, more valuable targets. This is further emphasized by the increasing automation of attacks, where tools are used to identify and exploit vulnerabilities in third-party applications.

Key point: Total records exposed: 14,805

Key point: Types of data included: Email Addresses, Phone Numbers, First Names, Last Names, Physical Addresses, Geographic Locations, and Order Details.

Key point: Source structure: Database dump

Key point: Leak location: Breach forum

Key point: Date of first appearance: July 2, 2025

External Context & Supporting Evidence

While there has been no mainstream media coverage of this specific breach, similar incidents involving e-commerce platforms and their vendors have been reported by outlets like TechCrunch and BleepingComputer. These reports highlight the growing trend of attackers targeting vulnerabilities in e-commerce ecosystems to steal customer data and conduct fraudulent activities.

On the breach forum where the data was posted, one user commented, "This looks like a goldmine for Shopify phishing campaigns." This sentiment reflects the understanding within the cybercriminal community of the potential value of this data for targeting e-commerce customers. This is not an isolated incident either, with threat reports from cybersecurity firms such as CrowdStrike detailing how stealer logs are often used to gather credentials for e-commerce sites.

Email · Address · Phone · Number · First · Name · Last