Singapore-based cyber security firm Group-IB has discovered two databases with customer data on the dark web that are likely to be related to the data breach that hit Sephora, a multinational chain of personal care and beauty stores.
Earlier this week, Sephora informed more than three million online customers in Southeast Asia, Hong Kong, Australia and New Zealand that their personal information “may have been exposed to unauthorised third parties, including first and last name, date of birth, gender, email address and encrypted password, as well as data related to beauty preferences”.
In a statement today, Group-IB said its threat intelligence team had “identified information connected to this incident, and it is our duty to the community to provide clarity to the breach, so that similar incidents can be prevented in the future”.
Group-IB discovered the compromised databases using its proprietary dark web monitoring tools.
The first database was advertised on two dark web forums on 6 and 17 July, respectively. According to the seller, the database comprised 500,000 records including usernames and hashed passwords from Sephora.co.id (Indonesia) and Sephora.co.th (Thailand). The listing’s author noted that the data was from February 2019.
The second database surfaced on an underground forum on 28 July, one day before reports about the Sephora breach emerged. As its name, “Sephora 2019/03 – Shopping - [3.2 million]”, implies, the database contains 3.2 million records and was leaked in March 2019.
The Group-IB cyber intelligence team, using its own tools developed over decades, infiltrated sources in closed hacking communities and contacted the seller, who subsequently provided a sample of the data that was being sold.
On examining the data sample, Group-IB analysts found the database contained login information, encrypted passwords, date of registration and last activity, IP address of last activity and names, as well as personal details including hair and eye colour. This dataset was offered for sale at US$1,900.
Group-IB said that even though the records did not include payment information or decrypted passwords, such details about customers can be used to carry out social engineering or targeted phishing attacks.
“That is why the scale of the breach should not be underestimated,” it added. “As a precaution, we advise all customers who had accounts at Sephora to change their password, especially if they use the same login/password pair across multiple services, such as email and social media accounts, to avoid them being compromised.”
Sanjay Aurora, managing director of Darktrace in Asia-Pacific, said the latest data breach demonstrates that no system – even those belonging to a well-established global brand – is immune to vulnerabilities.
“Online platforms are ultimately just lines of code,” Aurora said. “One seemingly small mistake in these lines of ones and zeros can cause a wide range of unintended business risks to emerge. As retailers rapidly transition to online platforms and apps in lieu of brick and mortar stores, confronting the challenge of cyber security in the digital age will be just as critical as the physical CCTV cameras monitoring for shoplifters.
“But unlike traditional thieves, cyber criminals attack at any time of day or night, steal far more than just goods, and throughout it all, remain entirely anonymous. For this reason, new technologies, such as the ones leveraging AI [artificial intelligence], will become a crucial ally for retailers – enabling them to not only safeguard against advanced attackers but also to stop simple software vulnerabilities from escalating into damaging breaches.”