Sephora App and Online Store Hacked, Australasia Customers Affected
Have you been a Sephora cosmetics online customer these past few weeks? If so, and you live in Australasia (Australia, New Zealand and the rest of the Southeast Asian region), your personal customer information may be among the records stolen in a data breach. Sephora sent all its Australasia customers an email giving specific details of the data lost in the breach and expressing its hope to repair its reputation.
“We understand how important your personal information is and value the trust you place in us to protect it. Over the last two weeks, we discovered a breach in data related to some customers who have used our online services in Singapore, Malaysia, Indonesia, Thailand, Philippines, Hong Kong SAR, Australia, and New Zealand,” explained Alia Gogi, Sephora’s SEA Managing Director.
The public disclosure stated that the following information belonging to Australasian customers may already be in the hands of unknown parties:
- Full name
- Birth date
- Email address and its corresponding hashed password
- Personal preferences for cosmetics, make-up and other beauty products
As of this writing, the cosmetics and make-up seller denies that customer credit card information was included in the data breach. Sephora, being a non-IT company, has partnered with independent digital forensic investigators to further probe the incident.
“We are sorry for any concern or inconvenience this may cause you. As a precaution, we have cancelled all existing passwords for customer accounts and have thoroughly reviewed our security systems. We are also offering a personal data monitoring service, at no cost to you, through a leading third-party provider. We would like to assure you that we will continue to take all necessary steps to protect your privacy,” added Gogi.
The company clarified that its brick-and-mortar store customers are not affected by the breach. The customer records lost only include people who bought its products through the official website’s shopping cart and the Android and iOS apps. The database involved is the one used to store information on its online customers, specifically the database assigned to app and website users in Southeast Asia, Australia, Hong Kong, and New Zealand.
The “over the last two weeks” duration of the data breach is enough time to extract a huge amount of information from a database. The company has not revealed how much information, in gigabytes, was leaked to unknown parties, nor whether it suspects who is behind the incident. Sephora also has not detailed how the personal data monitoring service will function for the victims, beyond stating that customers need not sign up for a separate service, as the company will pay for one.
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm in her role as a security consultant while continuing to write for Hacker Combat in her limited spare time.