PupBox
September 2, 2020
•[ financial, retail ]
Petco Health and Wellness Company subsidiary PupBox, Inc. was the victim of a data breach that resulted in the exposure of payment card information of tens of thousands of customers.
Livpure
August 29, 2020
•[ leak, retail ]
In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270 thousand unique email addresses. The data also included names, phone numbers, physical addresses and details of purchased items. The data was provided to HIBP by a source who requested it be attributed to "white_peacock@riseup.net".
Instacart
August 20, 2020
•[ insider, misconfiguration, retail ]
US-based grocery delivery and pick-up service Instacart has disclosed a security incident that involved unauthorized access of customer information by two support agents from a third-party vendor retained by the company.
Utah Gun Exchange
August 17, 2020
•[ leak, retail ]
Earlier this month, datasets containing over 240,000 records of the Utah Gun Exchange website were posted openly on a popular hacking forum.
Lazada RedMart
July 30, 2020
•[ leak, misconfiguration, retail ]
In October 2020, news broke of a Lazada RedMart data breach containing records as recent as July 2020 that were being sold via an online marketplace. In all, the data contained 1.1 million customer email addresses alongside names, phone numbers, physical addresses, partial credit card numbers and passwords stored as SHA-1 hashes.
Century Specialty Script, LLC
July 28, 2020
•[ hack, misconfiguration, retail ]
Century Specialty Script, LLC disclosed a data breach from July in which one employee's Microsoft Office 365 account was compromised.
Mattel
July 28, 2020
•[ ransomware, malware, retail ]
Toy maker Mattel has disclosed that it suffered a ransomware attack in July that impacted some of its business functions but did not lead to data theft.
Instacart
July 23, 2020
•[ leak, brute-force, retail ]
Online shopping service Instacart says reused passwords are to blame for a recent spate of account breaches, which saw personal data belonging to hundreds of thousands of Instacart customers stolen and put up for sale on the dark web.
JM Bullion
July 17, 2020
•[ financial, malware, retail ]
Gold seller JM Bullion was the victim of a MageCart-style attack for five months.
Utah Gun Exchange
July 17, 2020
•[ hack, misconfiguration, retail ]
In July 2020, the Utah Gun Exchange website suffered a data breach which included several other associated websites. In total, 235k unique email addresses were exposed before being traded online alongside names, usernames, genders, IP addresses and password hashes. The data was provided to HIBP by breachbase.pw.
WiziShop
July 14, 2020
•[ leak, retail ]
In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses. The data was provided to HIBP by a source who requested it be attributed to "pom@pompur.in".
Drizly
July 2, 2020
•[ hack, retail ]
In approximately July 2020, the US-based online alcohol delivery service Drizly suffered a data breach. The data was sold online before being extensively redistributed and contained 2.5 million unique email addresses alongside names, physical and IP addresses, phone numbers, dates of birth and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Havenly
June 25, 2020
•[ leak, retail ]
In June 2020, the interior design website Havenly suffered a data breach which impacted almost 1.4 million members of the service. The exposed data included email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes, all of which was subsequently shared extensively throughout online hacking communities. The data was provided to HIBP by dehashed.com.
LiveAuctioneers
June 19, 2020
•[ leak, misconfiguration, retail ]
In June 2020, the online antiques marketplace LiveAuctioneers suffered a data breach which was subsequently sold online then extensively redistributed in the hacking community. The data contained 3.4 million records including names, email and IP addresses, physical addresses, phone numbers and passwords stored as unsalted MD5 hashes. The data was provided to HIBP by breachbase.pw.
Claire's
June 15, 2020
•[ financial, malware, retail ]
Researchers from Sansec reveal that the websites for U.S.-based jewelry and accessory giant Claire's, and its subsidiary Icing, were compromised in April via a Magecart attack.
In Sport
June 11, 2020
•[ ransomware, malware, retail ]
Activewear retailer In Sport reveals that it suffered a Sodinokibi ransomware attack back in May 2020.
Avon
June 8, 2020
•[ ransomware, malware, retail ]
Cosmetics giant Avon discloses a security incident allegedly due to the DoppelPaymer ransomware.
Teespring
June 1, 2020
•[ leak, retail ]
A hacker has leaked the details of millions of users registered on Teespring, a web portal that lets users create and sell custom-printed apparel.
Neiman Marcus
May 30, 2020
•[ leak, retail ]
Neiman Marcus suffers a data breach compromising personal information of approximately 4.6 million customers.
Minted
May 9, 2020
•[ leak, retail ]
Minted, an online marketplace of independent artists and designers, has 5 million accounts leaked by ShinyHunters.