In a news update on September 21, woman’s fashion seller Shein announced that there was a significant data breach over the course of the summer caused by a “criminal cyberattack” that just now been revealed to the public. The breach was first uncovered in August when the IT team noticed suspicious activity on their internal network. When it was discovered that backdoors had been installed in their servers, namely servers that allowed attackers access to customer databases, Shein “hired a leading international forensic cybersecurity firm as well as an international law firm to conduct a thorough investigation.”
While the investigation is still ongoing, the company confirmed in their statement that a large chunk of their customer base was affected in the data breach. On this development, Shein stated the following:
While the full extent of the attack will continue to be investigated, it can now be confirmed that the personal information illegally acquired by the intruders included email addresses and encrypted password credentials of customers who visited the company website. It is our understanding that the breach began in June 2018 and continued through early August 2018 and involves approximately 6.42 million customers. Shein may update this information at a later date based on any new findings.
The backdoor malware has been confirmed to no longer exist on the servers thanks to the threat response team hired to stabilize the network. Though this is the case, the damage has already been done. As a sign of good faith to its customers, and honestly, in an attempt to head off a total PR nightmare, Shein has promised to offer “one year of identity theft monitoring to affected customers in certain markets.”
The extent of this protection is vague, but it would be prudent for customers of Shein to contact their customer service and find out what their options are. Additionally, any past or present customers of the apparel company should closely monitor their accounts for fraudulent charges and anything else that may indicate a criminal is abusing their financial data.
Featured image: Shein