SHEIN Breach Exposes Emails, Encrypted Passwords Of 6.42M Customers (Sep 25, 2018)
Online fashion retailer, SHEIN, suffered a data breach when unknown threat actors were able to access emails and the encrypted passwords of 6.42 million customers. The data breach was reported to occur before August 22, which is when the company became aware that customer information was compromised. The company stated that while emails and passwords were compromised, no credit card information was taken, though SHEIN did not discuss the full extent of the breach. According to the company, their online website is safe to visit and use, and they highly recommend resetting their account passwords
Recommendation: Leaks of this sort causes individuals to be at a large risk of phishing attacks. Actors can use this information to coerce more personal data from the victim. Users should also monitor their credit in order to make sure that nothing out of the ordinary is happening and no identity fraud is being committed. Individuals who have accounts associated to this story should change their passwords as soon as possible, particularly if passwords for said accounts are the same to other online accounts.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.