Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Shopify's recent update introduces advanced extensibility features for Shopify customer accounts, significantly enhancing both Direct-to-Consumer (DTC) and Business-to-Business (B2B) customer accounts. This update allows for more seamless and customizable customer interactions, boosting satisfaction and operational efficiency for both types of customers. Shopify has revealed that developers can now access customer accounts using customer account UI extensions, which are currently in developer preview.

When someone registers for an online service or healthcare portal, logs into an eCommerce store, or uses a streaming platform, the first interaction usually involves identity and authentication. For businesses, this moment is critical because it connects security, customer experience, and trust.

The Digital Statute for Children and Adolescents (Digital Estatuto da Criança e do Adolescente or Lei 15.211/2025) is a new law outlining age assurance (garantia de idade) requirements in Brazil. Also known as the Digital ECA, it was enacted in September 2025 and goes beyond self-attestation, applying to a wider range of online platforms that offer certain services. On March 17, 2026, the Digital ECA will become enforceable.

Shopify has officially deprecated Legacy Customer Accounts as of February 2026, marking a major shift in how customer authentication works across Shopify stores. It has also been confirmed that a final sunset date will be announced later in 2026, after which legacy templates will be locked from editing and eventually removed.

In 2022, Uber's systems were breached by an 18-year-old. Multi-Factor Authentication (MFA) was active, but the attackers flooded an employee's phone with push requests until they approved one, just to stop the annoyance. Authentication worked as designed, and the attacker got in. This is, in general terms, an MFA fatigue attack. Fast forward to Q1 2025. Rapid7 found that more than 56% of all compromises resulted from stolen credentials where no MFA was in place.

Hiring has never been easy. But in the last year, it’s taken on an entirely new level of complexity. Fake candidates have become one of the most urgent problems facing HR, talent, and InfoSec teams alike. Today’s recruiters are flooded with AI-generated resumes that are nearly impossible to distinguish from legitimate candidates. When fake candidates make it to interviews, the tactics escalate with deepfakes used to impersonate people and proxy stand-ins for technical assessments.

If your identity governance program feels like a relic from a simpler time, you’re not alone. Traditional identity governance and automation (IGA) was built for a world where job titles told the whole story. A software engineer was a software engineer; a sales rep was a sales rep. Assigning access was intended to be as simple as slotting people into predefined roles.

Most security teams cannot confidently answer a simple question: who has access to which cloud resources right now? Human identities and accounts now span across thousands of services, subscriptions, and SaaS platforms. The result is a vast, decentralized environment riddled with “unknown unknowns” that security teams cannot fully map, and that traditional security controls weren’t designed to address. Attackers count on these identity blind spots.