by wyxuan 1935 days ago
The only icing on the cake is that at least Shopify has been both transparent and quick - it's only taken a couple months and they've managed to get to the bottom of the case. Couple months might seem long but from what I've seen it takes about a year of lag time from the start of the breach to when the company finds out/acknowledges.

In any case I'm wondering - how did Shopify discover this intrusion? Do they check logs regularly? Did they receive a tip-off?

1 comments

This is a common requirement for security-conscious organizations, especially those with HIPAA or PCI requirements. For Shopify, this likely was originally created as a customer requirement, so that clients could monitor their staff. The typical setup is to generate internal user logs and feed them into a SIEM of some type, potentially with custom rules to do some checking. Alternatively, this may very well have been caught by a type of DLP (data loss protection) or network monitoring product.
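
The kind of custom SIEM rule the comment above describes, sketched as an added example that is not part of the original thread and not anything Shopify has published. The log format, field names, staff and merchant ids, and thresholds are all assumptions made for illustration; the rule flags a staff account that touches more distinct merchants than expected inside a sliding time window.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of internal staff-access log lines (hypothetical format).
SAMPLE_LOG = """\
{"ts": "2024-01-01T10:00:00", "staff": "agent_a", "action": "view_orders", "merchant": "m-101"}
{"ts": "2024-01-01T10:01:00", "staff": "agent_b", "action": "view_orders", "merchant": "m-201"}
{"ts": "2024-01-01T10:02:00", "staff": "agent_b", "action": "view_orders", "merchant": "m-202"}
{"ts": "2024-01-01T10:03:00", "staff": "agent_b", "action": "view_orders", "merchant": "m-203"}
{"ts": "2024-01-01T10:04:00", "staff": "agent_b", "action": "view_orders", "merchant": "m-204"}
{"ts": "2024-01-01T10:05:00", "staff": "agent_a", "action": "view_orders", "merchant": "m-101"}
not-json
{"ts": "2024-01-01T11:00:00", "staff": "agent_a", "action": "view_orders", "merchant": "m-102"}
"""

def detect_broad_access(lines, max_merchants=3, window=timedelta(minutes=10)):
    """Alert when one staff account touches more than max_merchants distinct
    merchants within the window. Assumes lines arrive in timestamp order."""
    recent = defaultdict(deque)  # staff -> (ts, merchant) events still in window
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["ts"])
            staff, merchant = ev["staff"], ev["merchant"]
        except (ValueError, KeyError, TypeError):
            continue  # malformed record; a real pipeline would count these too
        q = recent[staff]
        q.append((ts, merchant))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = {m for _, m in q}
        if len(distinct) > max_merchants:
            alerts.append({"staff": staff, "ts": ev["ts"],
                           "merchants": sorted(distinct)})
            q.clear()  # reset so one burst produces one alert
    return alerts

ALERTS = detect_broad_access(SAMPLE_LOG.splitlines())
for alert in ALERTS:
    print(alert)
```
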