Have I Been Pwned?
Users can check if their data have been exposed in the StreetEasy and Sephora data breaches.
The StreetEasy data breach took place in the mid-2016 and exposed 988k records that included names, usernames, email addresses and SHA-1 password hashes. The data has been available for sale in the cybercrime underground since February. In February, Gnosticplayers hacker offered a third round of databases containing millions of hacked accounts from unreported data breaches, including Streeteasy (Real estate) with 990,000 records.
“In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names,
HIBP also included data from a data breach suffered by Sephora Southeast Asia in January 2017 that exposed data for 780,073 customers, including customer’s dates of birth, email addresses, ethnicities, genders, names, and physical attributes.
“In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data
Data from the Sephora data breach has been seen being also sold on online hacker forums.
Users impacted by the data breaches have to change their passwords also on every site that shares the same credentials.
(SecurityAffairs – StreetEasy, data breach)