
More than 3 million customer records from Sephora reportedly being peddled on Dark Web, says cybersecurity firm

According to a leading cybersecurity firm, more than three million records of customers of international cosmetics and beauty products retailer Sephora are reportedly up for sale on the Dark Web.

Singapore-based cybersecurity outfit Group-IB said in a media release on Thursday (1 Aug) that its cyber intelligence analysts located “two databases with customer data on underground forums that are likely to be related to Sephora”.

These databases are believed to contain records from February and March this year, which corresponds with the recent Sephora data breach that affected the personal data of its online customers in Singapore, Malaysia, Indonesia, Thailand, the Philippines, Hong Kong, New Zealand, and Australia.

CEO and founder of Group-IB Ilya Sachkov said in the media release that the first database was advertised on two Dark Web forums on 16 and 17 July, respectively.

According to the seller, the database “consists of 500,000 records including the usernames and hashed passwords from Sephora.co.id (Indonesia) and Sephora.co.th (Thailand)”.

“The listing’s author notes that the data comes from February 2019,” he added.

Meanwhile, the second database surfaced on an underground forum on 28 July, a day before the news of the breach was made known by Sephora.

“As its name implies, ‘Sephora 2019/03 – Shopping – [3.2 million]’, the database contains 3.2 million records, and was leaked in March 2019,” said Mr Sachkov.

With its high-tech tools, Group-IB’s cyber intelligence team “infiltrated sources in closed hacking communities” and initiated contact with the seller, who then supplied the sample of the data being sold.

Mr Sachkov noted that the sample revealed that the database contains all sorts of personal data such as login, encrypted password, date of registration and last activity, IP of registration, last IP, gender, name, surname, ethnicity, eye color, skin tone, skin type, hair color, hair concerns, makeup essentials, and skincare routines.

He then pointed out that the set of data was priced at USD 1,900 (S$2,613).

“Even though the records do not include any payment information or decrypted passwords, such detailed information about the customers can be used to carry out social engineering or targeted phishing attacks; that is why the scale of the breach shouldn’t be underestimated,” he stated.

“As a precaution, we advise all customers who had accounts at Sephora to change their password, especially if they use the same login/password pair across multiple services, such as email and social media accounts, to avoid them being compromised,” he added.

TOC reached out to Sephora earlier today for its comments on Group-IB’s findings. We have yet to receive a response, but will provide an update upon receiving a reply.