Data breaches are on the rise for both retailers and other e-commerce businesses. The target of which became one of the emerging online clothing e-commerce brand SHEIN.
The US online fashion retailer based out at North Brunswick was founded in 2008 with the aim of to produce “affordable” and trendy fashion clothing for women. Today, it has gained the benchmark of becoming one of the largest online fashion retailers that ships to more than 80 countries worldwide. Also making it one of the most vulnerable sites to data breaches given the enormous traffic.
The online fashion giant recently admitted that the company has suffered a significant data breach after unknown hackers stole personally identifiable information (PII) of almost 6.5 million customers.
SHEIN admitted that its servers were recently targeted by a “concerted criminal cyber-attack” which apparently began in June and lasted until August 22, while the company was finally made aware of the potential theft.
It was only after the attack that the company scanned its servers for any backdoor vulnerabilities and SHEIN has ensured its customers that the website is now secure to visit.
Details of the attack
As whatever details were disclosed by the company, hackers managed to steal gain access to email addresses and encrypted password credentials for 6.42 million customers who registered on its website.
“While the full extent of the attack will continue to be investigated, it can now be confirmed that the personal information illegally acquired by the intruders included email addresses and encrypted password credentials of customers who visited the company website,” SHEIN said.
However, there is a sign of relief for the customers as SHEIN states that the company does not store any credit card information on its systems so there is no evidence that any credit card information of its customers was hacked. Since no financial details were hacked the plausibility of the attack been associated with Magecart cyber attacks, affecting popular online services including Ticketmaster, British Airways, and Newegg, can be ruled out.
What can SHEIN customers do for prevention?
Though the company has already taken stance and have hired a leading international forensic cybersecurity firm and an international law firm to launch a thorough investigation, it is important that customers to take certain preventive measures.
The company itself is approaching all affected customers and requesting them to change passwords for their online store accounts by either clicking the link provided in the email notification from SHEIN or directly logging into their SHEIN account to change the password.
At the same time, the company has also urged all customers to directly contact their respective banks or credit card companies in case they think that their details are being compromised.