Bhinneka
May 9, 2020
•[ leak, retail ]
Bhinneka has 1.2 million records dumped by ShinyHunters.
HomeChef
May 8, 2020
•[ leak, misconfiguration, retail ]
A database with 8 million records belonging to the meal kit delivery service HomeChef is put on sale on the dark web.
StorEnvy
May 7, 2020
•[ leak, hack, retail ]
The e-commerce website StorEnvy is hacked and as a result, personal details of over 1.5 million customers and merchants are leaked online.
Bukalapak
May 4, 2020
•[ leak, retail ]
The data of 13 million users of the e-commerce platform Bukalapak are posted on a dark web forum, despite the company denying the breach.
Harvest Sherwood Food Distributors
May 3, 2020
•[ ransomware, malware, retail ]
Food supplier Harvest Sherwood Food Distributors is hit by a REvil ransomware attack.
Tokopedia
May 3, 2020
•[ hack, brute-force, retail ]
A hacker sells a database containing the information of 91 million Tokopedia accounts on a dark web market for $5,000. Other threat actors start to crack passwords and share them online.
Robert Dyas
April 26, 2020
•[ financial, malware, retail ]
Robert Dyas notifies customers to have been hit by a malicious script in the payment page between 7-30 March.
Whisky Auctioneer
April 21, 2020
•[ hack, ddos, retail ]
An online auction of rare whiskies is postponed indefinitely following a DDoS attack.
PrimoHoagies
April 17, 2020
•[ financial, retail ]
PrimoHoagies reveals that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020.
Tokopedia
April 17, 2020
•[ leak, retail ]
In April 2020, Indonesia's largest online store Tokopedia suffered a data breach. The incident resulted in 15M rows of data being posted to a popular hacking forum. An additional 76M rows were later provided to HIBP in July 2020. In total, the data included over 71M unique email addresses alongside names, genders, birth dates and passwords stored as SHA2-384 hashes.
Quidd
April 10, 2020
•[ leak, retail ]
Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums.
Teespring
April 1, 2020
•[ leak, retail ]
In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.
James
March 25, 2020
•[ hack, misconfiguration, retail ]
In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
Takeaway
March 19, 2020
•[ hack, ddos, retail ]
The German food delivery service Takeaway is hit with a DDoS attack.
NutriBullet
March 18, 2020
•[ financial, malware, retail ]
NutriBullet is the victim of a Magrcart attack.
Boots
March 4, 2020
•[ hack, brute-force, retail ]
Boots suspends payments using loyalty points in shops and online after attempts to break into customers' accounts using stolen passwords.
J.Crew
March 3, 2020
•[ hack, retail ]
Clothing giant J.Crew says an unknown number of customers had their online accounts accessed "by an unauthorized party" in or around April 2019.
Vijay Sales
March 2, 2020
•[ leak, misconfiguration, retail ]
A threat actor posts a leaked Vijay Sales, a large electronics retail store chain in India, database on a popular dark web hacker forum. The threat actor claims the source was from an "exposed backup server" breached in February 2020.
Tesco
March 2, 2020
•[ hack, brute-force, retail ]
Tesco issues new cards to 600,000 Clubcard account holders after a credential stuffing attack.
Slickwraps
February 16, 2020
•[ leak, retail ]
In February 2020, the online store for consumer electronics wraps Slickwraps suffered a data breach. The incident resulted in the exposure of 858k unique email addresses across customer records and newsletter subscribers. Additional impacted data included names, physical addresses, phone numbers and purchase histories.
