Malware steals passwords from 6.4 million SHEIN customers

Graham CLULEY

September 26, 2018

Women’s fashion retailer SHEIN has suffered a major security breach that has exposed the personal information and passwords of over six million customers.

In a press statement, SHEIN reveals that it discovered on August 22 2018 that malicious hackers had compromised its computer network, and that between June and early August 2018 customer email addresses and “encrypted password credentials” had been stolen.

According to the company, malware had opened backdoors on corporate servers through which the attackers had stolen data associated with approximately 6.42 million customers.

What hasn’t been disclosed is how the malware came to be planted on SHEIN’s servers. The company says it is against its policy to discuss the specific details, but it does say that the security holes exploited by the hackers have now been closed.

From the description, the attack against SHEIN does not appear to bear the hallmarks of the Magecart attacks which have impacted a number of sites in recent months, including Ticketmaster.

Fortunately, SHEIN says that it does not typically store payment card information on its systems, and there is no evidence to suggest that customers’ credit card details might have been stolen.

SHEIN says that it is reaching out to customers advising them to change their passwords, and is offering one year’s worth of identity threat monitoring for “affected customers in certain markets.”

In an FAQ, SHEIN tells users that they can reset their password by clicking on a link in an email they are sending users, or by manually visiting the SHEIN website, and after logging in, clicking the “Edit Password” link under the “Account Setting” page.

My advice is that you should visit the website to change your password, and *not* click on a link in an email. After all, now the breach is public knowledge it wouldn’t be too surprising if a criminal attempted to cause even more mayhem by spamming customers with a bogus email that *pretends* to come from SHEIN but really points to a site under the control of the hackers.

Furthermore, if you are concerned that your SHEIN password may have been compromised, please please do make sure that you are not using that same password on any other website.

Password reuse is one of the most common errors made by internet users. Every time you use the same password on different websites, you are increasing the chances that a hacker will be able to successfully exploit credentials stolen during an attack on one site to break into other accounts you may own online.
