Data breach at Bonobos hits up to 7 million: What to do [updated]
Seventy gigabytes' worth of customer information stolen from the website of U.S. men's clothing retailer Bonobos has been posted in a hacker forum, reports Bleeping Computer.
The data includes the names and telephone numbers associated with up to seven million customers or orders, 3.5 million records containing the last four digits of credit card numbers, and account information for 1.8 million customers, including passwords encrypted with the SHA-256 and SHA-512 hashing algorithms.
One person who got hold of the stolen data said they had already "cracked" more than 150,000 passwords encrypted with SHA-256, the weaker algorithm of the two.
(This has nothing to do with the French retailer Bonobo, which sells casual clothing to both men and women.)
If you have a Bonobos customer account, change its password immediately. If you've used the same username and password on other websites, change the passwords on those sites also to protect yourself from credential-stuffing attacks.
Make every new password strong and unique. One of the best password managers will help you sort all that out.
Stolen backup
Bonobos confirmed to Bleeping Computer that the data was genuine, but said it had been taken from a cloud backup hosted by a third-party service and not directly from Bonobos' own network.
"So far, [we] have found no evidence of unauthorized parties gaining access to Bonobos' internal system," the company told Bleeping Computer. "What we have discovered is an unauthorized third party was able to view a backup file hosted in an external cloud environment. We contacted the host provider to resolve this issue as soon as we became aware of it."
The company also said it would be forcing password resets for any account for which the password was compromised.
"We're emailing customers to notify them that their contact information and encrypted passwords may have been viewed by an unauthorized third party," Bonobos told Bleeping Computer. "Payment information was not affected by this issue."
Data goes back several years
It's not clear when the data was stolen, but screenshots of the stolen data posted on Bleeping Computer indicated it was at least as old as 2014 (three years before Walmart bought the Bonobos company) and as recent as July 2020.
However, if you've ever shopped at the Bonobos website, go over your recent credit-card statements and let your card issuer know right away if anything looks wrong.
Bonobos apparel can also be purchased on the Walmart website, and it was formerly available on Walmart's now-shuttered subsidiary Jet.com. But it does not appear that information from either of those sites was compromised.
Update: Bonobos statement
A spokesperson for Bonobos reached out to Tom's Guide and provided the following statement:
"To clarify, 7 million customers were not impacted. Rather, a total of seven million addresses were visible. Customers often ship to more than one address, or use a different billing address, but again, this does not mean seven million customers were impacted. In fact, the number was far less."
Source: https://www.tomsguide.com/news/bonobos-data-breach-7-million
Posted by: purvistwoulair.blogspot.com
