Full List

Search

Search Results (retail)

• Neiman Marcus May 30, 2020 • [ leak, retail ] Neiman Marcus suffers a data breach compromising personal information of approximately 4.6 million customers.
• Minted May 9, 2020 • [ leak, retail ] Minted, an online marketplace of independent artists and designers, suffers 5 million accounts leaked by ShinyHunters.
• Bhinneka May 9, 2020 • [ leak, retail ] Bhinneka has 1.2 million records dumped by ShinyHunters.
• HomeChef May 8, 2020 • [ leak, misconfiguration, retail ] A database with 8 million records belonging to the meal kit delivery service HomeChef is put on sale on the dark web.
• StorEnvy May 7, 2020 • [ leak, hack, retail ] The e-commerce website StorEnvy is hacked and as a result, personal details of over 1.5 million customers and merchants are leaked online.
• Bukalapak May 4, 2020 • [ leak, retail ] The data of 13 million users of the e-commerce platform Bukalapak are posted on a dark web forum, despite the company denying the breach.
• Harvest Sherwood Food Distributors May 3, 2020 • [ ransomware, malware, retail ] Food supplier Harvest Sherwood Food Distributors is hit by a REvil ransomware attack.
• Tokopedia May 3, 2020 • [ hack, brute-force, retail ] A hacker sells a database containing the information of 91 million Tokopedia accounts on a dark web market for $5,000. Other threat actors start to crack passwords and share them online.
• Robert Dyas April 26, 2020 • [ financial, malware, retail ] Robert Dyas notifies customers to have been hit by a malicious script in the payment page between 7-30 March.
• Whisky Auctioneer April 21, 2020 • [ hack, ddos, retail ] An online auction of rare whiskies is postponed indefinitely following a DDoS attack.
• PrimoHoagies April 17, 2020 • [ financial, retail ] PrimoHoagies reveals that cyber-attackers had broken into its online payment platform and accessed the payment card information of customers who made online purchases between July 15, 2019, and February 18, 2020.
• Tokopedia April 17, 2020 • [ leak, retail ] In April 2020, Indonesia's largest online store Tokopedia suffered a data breach. The incident resulted in 15M rows of data being posted to a popular hacking forum. An additional 76M rows were later provided to HIBP in July 2020. In total, the data included over 71M unique email addresses alongside names, genders, birth dates and passwords stored as SHA2-384 hashes.
• Quidd April 10, 2020 • [ leak, retail ] Quidd, an online marketplace for trading stickers, cards, toys, and other collectibles, appears to have suffered a data breach in 2019, and the details of around four million users are now being shared for free on underground hacking forums.
• HomeRefill April 2, 2020 • [ leak, retail ] In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.
• Teespring April 1, 2020 • [ leak, retail ] In April 2020, the custom printed apparel website Teespring suffered a data breach that exposed 8.2 million customer records. The data included email addresses, names, geographic locations and social media IDs.
• James March 25, 2020 • [ hack, misconfiguration, retail ] In June 2020, 14 previously undisclosed data breaches appeared for sale including the Brazilian delivery service, "James". The breach occurred in March 2020 and exposed 1.5M unique email addresses, customer locations expressed in longitude and latitude and passwords stored as bcrypt hashes. The data was provided to HIBP by dehashed.com.
• Takeaway March 19, 2020 • [ hack, ddos, retail ] The German food delivery service Takeaway is hit with a DDoS attack.
• NutriBullet March 18, 2020 • [ financial, malware, retail ] NutriBullet is the victim of a Magrcart attack.
• Boots March 4, 2020 • [ hack, brute-force, retail ] Boots suspends payments using loyalty points in shops and online after attempts to break into customers' accounts using stolen passwords.
• J.Crew March 3, 2020 • [ hack, retail ] Clothing giant J.Crew says an unknown number of customers had their online accounts accessed "by an unauthorized party" in or around April 2019.