Security Notes

October 14, 2021 - SSL Certificate Vulnerability Fixed

A minor issue was found within the SSL certificate, which could have allowed a potential exploit. This vulnerability was quickly identified and patched to ensure continued security.

April 3, 2022 - Old DNS Entry Causing Redirect Error Resolved

An outdated DNS entry linked to Sendinblue, an old email distribution service we previously used, caused a redirect error. This issue was promptly fixed by removing the incorrect DNS entry.

September 27, 2022 - Unauthorized API Access Attempt Prevented

We detected an unauthorized attempt to access our API using a brute-force attack. The attack originated from multiple IP addresses, indicating a coordinated effort. We blocked the offending IPs, strengthened API rate-limiting rules, and implemented additional authentication measures to prevent future attempts.

May 8, 2023 - Email Breach Contained and Resolved

An email breach in May 2023 allowed unauthorized access to our email system. No customer data was compromised, as all sensitive information is stored securely on Shopify’s end. Unfortunately, the attackers used our emails to purchase unauthorized products and services. This issue was resolved by fixing the DNS injection that led to the breach.

August 21, 2023 - DDoS Attack on License Redemption Server Mitigated

A DDoS attack targeted the server responsible for redeeming licenses, causing significant downtime. To resolve this, we rerouted traffic, ensuring system stability and restoring full functionality.

November 5, 2023 - Fake License Generator Circulating Online

We discovered a malicious website falsely claiming to generate valid Lizosoft licenses for free. This fraudulent tool was flagged as a scam, and we took steps to report and takedown the website. Customers are reminded that only licenses purchased through Lizosoft are genuine and legally compliant.

January 17, 2024 - SQL Injection Attack Logged and Prevented

Our firewall detected and blocked an SQL injection attack targeting our user authentication database. The attacker attempted to extract customer data, but our system's security protocols prevented any breaches. Further enhancements have been made to mitigate similar risks in the future.

March 2, 2024 - DDoS Attack on License Redemption Server (Permanent Fix)

Following another DDoS attack on our license redemption server, we migrated to a new server and implemented Cloudflare protection to enhance security and prevent future disruptions.

June 10, 2024 - Suspicious Login Attempts from High-Risk Regions

Our security logs showed an increase in suspicious login attempts from high-risk locations. While no accounts were compromised, we have implemented geofencing to restrict logins from certain regions and enhanced multi-factor authentication (MFA) enforcement.

January 10, 2025 - Redirecting Some Users on Mobile Devices

Some mobile users reported unexpected redirects when accessing our website. After investigating, we determined that an outdated Google Ads integration was causing the issue. The problem was traced back to an old tracking script that conflicted with Shopify’s mobile redirection settings.

To resolve this, we worked with Shopify’s support team to remove the outdated integration and apply the necessary fixes. The issue has been fully resolved, and all mobile traffic is now functioning as expected.

Please report any problem to our team.