After gaining access, the attacker downloaded user data from the Ecommerce University database. On this hackers had stolen users name, email address, URL, and password (which was encrypted by bcrypt hashing algorithm) of attendees of user meetups from 2012 to 2014.
On a post shopify employee mentioned that-
"unauthorized access is now blocked, and changes have been made to prevent future incidents of this nature. No financial data or sensitive personal data was accessed, however, as a precaution Ecommerce University user passwords have been reset."If us clear that shopify platform was not affected with this incidence as the Ecommerce University database is a separate database from Shopify. The Shopify commerce platform was not affected -said Shopify.
Shopify have already send a notification to all its users to change the password of there account via email.
For extra security layer, we do suggest users to enable two-factor-authentication on their accounts and to change there password of online accounts frequently.