Shopify: Able to Login deactivated staff account in shopify app mobile

ID H1:175490
Type hackerone
Reporter clarckowen_
Modified 2016-11-29T13:32:06


Hi Shopify,

Deactivated staff account is able to login in shopify mobile app.


  1. Login your owner account
  2. Go to Staff Accounts and deactivate your staff account
  3. Login to your staff account in your shopify mobile app

As you can see you were able to login even the staff account was deactivated by the account owner