Menswear brand Bonobos has began advising clients of a data leak that could have exposed their personal details.
Created in 2007, Bonobos launched as an online men’s apparel retailer, then in 2012, it started opening physical store stores. In 2017, for $310 million, Walmart acquired the retailer, integrating it as a division of the apparel department.
The organisation began warning customers of a data breach over the weekend that could have resulted in the theft of their personal information.
We suspect any of your account records, including your contact information and cryptographic password, might have been viewed by an unauthorised third party. The data breach message sent to users reads that your encrypted password was secured so that the real password was not available.
The organisation has told customers that in the event, no payment card details was compromised.
Bonobos has agreed to change the passwords of users; they have logged out of their accounts and the next time they attempt to log in, they will have to set up a new password.
A threat actor known as ShinyHunters, who is known for launching similar attacks, claims to have infiltrated the retailer and has reportedly already shared all the stolen data on a hacker website.
BleepingComputer notes that the information was stored in a 70 GB SQL file which included user data such as addresses and phone numbers for approximately 7 million accounts, account details for almost 2 million active users, and partial numbers of 3.5 million payment cards.
It seems that at least one hacker was able to break any of the passwords when the leaked passwords were hashed.
For clarification of the data breach and an official statement on the issue, We contacted Bonobos but has not received a reply yet. When a comment comes, we will update the post.