2 matches found
Shopify: Order lookup features of Shopify Chat Application leads to customer orders enumeration due to lack of user input validation
It came to my attention that the Shopify Chat application allows a customer to retrieve their order status by only providing the order email and number. Noticing that it results in being provided the order status page link, I started playing a bit with both parameters and I found out that it is...
Shopify: Disclose customer orders details by shopify chat application.
Hello Shopify Security Team! Bug Summary: ============= This bug leads to disclosure of any store's order details, including sensitive information, through the Shopify chat app. The chat app can retrieve the order details for an unauthorized user. Reproduction steps: ============= - install shopify chat...