[BreachExchange] SHEIN fashion retailer announces breach affecting 6.42 million users
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Sep 25 19:14:14 EDT 2018
https://www.zdnet.com/article/shein-fashion-retailer-announces-breach-affecting-6-42-million-users/
Online fashion store SHEIN announced a security breach last week that
affected around 6.42 million of its customerbase. The North Brunswick-based
company is currently in the process of contacting all affected users and
asking them to change passwords for their online store accounts.
The company says the breach occurred over the summer, sometime in June,
when hackers carried out "a sophisticated criminal cyberattack on its
computer network."
No technical details were provided about how the actual breach went down,
but SHEIN said the intruders managed to gain access to customers' email
addresses and encrypted passwords for its online store accounts.
The company discovered the incident on August 22, according to a press
release SHEIN circulated on Friday, September 21.
"We have seen no evidence that your credit card information was taken from
our systems and SHEIN typically does not store credit card information on
its systems," the company said in an advisory posted on its website.
The retailer says it hired a well-known forensic cybersecurity firm as well
as an international law firm to help it investigate the incident further.
By the way SHEIN described the incident, this breach doesn't appear to be
related to the recent wave of Magecart hacks --incidents where hackers
placed card-stealing code inside the JavaScript files of legitimate sites.
Magecart hacks have been recently reported by Ticketmaster, British
Airways, Feedify, ABS-CBN, Newegg, but also Hats.com, TechRabbit, Title
Nine, and Stein Mart.
SHEIN, also spelled SheIn, is a US-based online store dedicated to women's
fashion. The company was founded in 2008, and it currently ships to over 80
countries all over the world.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180925/543d84a5/attachment.html>
More information about the BreachExchange
mailing list