Bonobos clothing store suffered a data breach where 70GB of customer data was stolen from the website and exposed millions of customer personal information.
Bonobos suffered a data breach where 70GB of customer data was stolen from the website and exposed millions of customer personal information.
A threat actor known as Shiny Hunter posted the full Bonobos database to a free hacker forum.
The exposed data includes names and contact numbers associated with 7 million customers or orders, 3.5 million records containing the last four digits of credit card numbers and account data of 1.8 million customers, including passwords encrypted with the SHA-512 and SHA-256 hashing algorithms.
“So far, [we] have found no evidence of unauthorised parties gaining access to Bonobos' internal system," the company reported to Bleeping Computer.
"What we have discovered is an unauthorised third party was able to view a backup file hosted in an external cloud environment. We contacted the host provider to resolve this issue as soon as we became aware of it."
Bonobos reported that they have taken additional precautionary methods, including turning off access points, invalidating account passwords and requiring password resets to secure customer accounts.
The company is notifying customers through email that an unauthorised third party may have viewed their contact information and encrypted passwords.
The database did not contain any payment information, and it is not clear when the data was stolen.
All the Bonobos users must immediately change their password on the site, and if the same password has been used at other sites, it is recommended to change the password there.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?