SHEIN Data breach affected 6.42 million users

September 25, 2018  By Pierluigi Paganini


Another fashion retailer suffered a data breach, the victim is SHEIN that announces the security breach affected 6.42 million customers.

The retailer hired a forensic cybersecurity firm as well as an international law firm to investigate the security breach.

SHEIN is now notifying affected users and it is urging them to change the password for their account.

The online fashion retailer announced a security breach last week, according to the firm the attackers carried out “a sophisticated criminal cyberattack on its computer network.”

“On August 22, 2018, SHEIN became aware that certain personally identifiable information of its customers was stolen during a concerted criminal cyberattack on its computer network.” reads the data breach notification.

“Immediately upon becoming aware of this potential theft, SHEIN hired a leading international forensic cybersecurity firm as well as an international law firm to conduct a thorough investigation.”

Hacker accessed customers personal information, including email addresses and encrypted password credentials of customers who visited the online store.

There are no technical details about the incident, the company only confirmed to have found a malware on its servers and has promptly removed it.

” In addition, SHEIN servers have been scanned and malware found on the servers has been removed. “Back door” entry points to the servers opened by the attackers have been closed and removed.” continues the press release.

According to the data breach notification, there is no evidence that financial data have been stolen by hackers, SHEIN remarked that it does not store credit card information on its systems

“We have seen no evidence that your credit card information was taken from our systems and SHEIN typically does not store credit card information on its systems,” added the company.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]



Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.





You might also like





  • Digging the Deep Web: Exploring the dark side of the web

    Digging The Deep Web

  • Center for Cyber Security and International Relations Studies

  • Subscribe Security Affairs Newsletter

    newsletter

  • SecurityAffairs awarded as Best European Cybersecurity Tech Blog at European Cybersecurity Blogger Awards

    EU Sec Bloggers Awards 22


More Story

White hat hacker found a macOS Mojave privacy bypass 0-day flaw on release day

 The popular macOS expert and former NSA hacker has discovered a zero-day vulnerability in macOS on Mojave 's release day. It...