Report: Bonobos database breached by notorious hacker

A cyberattack has reportedly exposed customer information of a Walmart-owned omnichannel menswear brand.

According to BleepingComputer, personal data of millions of Bonobos customers was illegally downloaded by a well-known hacker who uses the alias “ShinyHunters.” The hacker, who has previously sold information stolen from corporate databases, was able to gain access to a cloud backup of a 70GB Bonobos customer database. 

ShinyHunters then posted information including addresses, phone numbers, order information, encrypted passwords, and last four credit card digits from millions of Bonobos customers on a free hacker forum. Not every customer whose data was exposed had every piece of information displayed on the forum. Another threat actor has reportedly claimed to have already figured out 158,000 of the encrypted passwords.

"We’re investigating this matter further and, so far, have found no evidence of unauthorized parties gaining access to Bonobos’ internal system,” Bonobos said in a statement emailed to BleepingComputer. “What we have discovered is an unauthorized third party was able to view a backup file hosted in an external cloud environment. We contacted the host provider to resolve this issue as soon as we became aware of it…Payment information was not affected by this issue.”

Bonobos also stated in the email that it has taken additional precautionary steps, including turning off access points, invalidating account passwords and requiring password resets; and is emailing customers to notify them that their contact information and encrypted passwords may have been viewed by an unauthorized third party. 
 

X
This ad will auto-close in 10 seconds