We are using the Seccomap Free Gift App and have discovered a problem that is either coming from another app or is a loophole. We have a special that allows customers to get 2 free fish when they purchase 10. However, in the past couple of weeks, we have had a few customers buy one or two fish and then continue to load a couple of hundred free fish into their cart. We have worked with the Seccomap Support Team but this is what they have come up with:
We have checked these orders and seen that they have strange things as the previous order issue:
1. They do not have cart_token:
-> which means they did not come from Add to cart button: [login to view URL]
2. The landing site is not page (collection page, product page, ...) but it is an API address: [login to view URL]
3. The appID of those orders is 3890849, which is different from all other orders (58011)
From all of these, we guess that these orders were created from another app on your store, which has the AppID as 3890849 or someone found out of the loophole that app and made use of it to hack the gift. But we are not able to track the AppID of another app so we cannot find it out which app is that.
Could you help us to contact the Shopify Support team to see which app has the appID as 3890849?
I have tried to contact Shopify with no luck and am know looking for a Freelancer that can help us. Our Shopify Store is www.theifishstore.com.