The Consentik plugin adds cookie consent banners to customer websites. However, the unsecured server was broadcasting real-time site analytics and private authentication tokens, including Shopify admin credentials and Facebook ad tokens, to anyone on the internet who knew where to look.

This is brutal.