[BreachExchange] Havenly Breach Hits Over 1.3 Million Accounts

Destry Winant destry at riskbasedsecurity.com
Mon Aug 3 10:36:16 EDT 2020


https://www.infosecurity-magazine.com/news/havenly-breach-hits-over-13/

Havenly has become the latest online firm to suffer a serious breach
of customer data after hackers published the information for free on
the dark web.

Notorious dark web trader ShinyHunters was spotted last week posting
the data of nearly 1.4 million accounts online.

They’re said to be part of a much bigger 386 million record trove
including data from customers of Dave, Promo and HomeChef, which has
been previously disclosed.

According to breach notification site HaveIBeenPwned, the data from
Havenly customers includes email addresses, names, phone numbers,
geographic locations and passwords stored as SHA-1 hashes.

However, an email to customers from the interior design company last
week failed to mention the compromise of personal data at all, instead
focusing on the fact that no financial details were disclosed.

“We are working with external security experts to investigate this
matter. However, in the meantime, out of an abundance of caution, we
are logging all existing customers out of their Havenly accounts and
asking our customers to reset their password when they next log in to
the Havenly website,” it continued.

“As a best practice, we also encourage all of our customers to use
different passwords across all online services and applications, and
to update those passwords now and on a regular basis.”

According to HaveIBeenPwned, the breach itself took place over a month
ago, on June 25, with the personal customer data “subsequently shared
extensively throughout online hacking communities.”

That means, at the very least, those same customers should be informed
of potential phishing and identity fraud risks stemming from the
incident.

Last week it was revealed that a breach at Promo.com had compromised
over 14 million accounts, while one at LA-based fintech Dave included
an estimated 7.5 million records.

