Data from Sephora and StreetEasy data breaches added to HIBP

The popular data breach notification service Have I Been Pwned? (HIBP) has added the stolen data from the StreetEasy and Sephora data incidents.

Have I Been Pwned? (HIBP), the popular service that allows users to check whether their personal data has been compromised by data breaches has added the stolen data from the StreetEasy and Sephora data incidents.

Users can check if their data have been exposed in the StreetEasy and Sephora data breaches.

The StreetEasy data breach took place in the mid-2016 and exposed 988k records that included names, usernames, email addresses and SHA-1 password hashes. The data has been available for sale in the cybercrime underground since February. In February, Gnosticplayers hacker offered a third round of databases containing millions of hacked accounts from unreported data breaches, including Streeteasy (Real estate) with 990,000 records.

“In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to “[email protected]”.” reads HIBP.

HIBP also included data from a data breach suffered by Sephora Southeast Asia in January 2017 that exposed data for 780,073 customers, including customer’s dates of birth, email addresses, ethnicities, genders, names, and physical attributes.

“In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to “[email protected]”.” reads HIBP.

Data from the Sephora data breach has been seen being also sold on online hacker forums.

Users impacted by the data breaches have to change their passwords also on every site that shares the same credentials.

The post Data from Sephora and StreetEasy data breaches added to HIBP appeared first on Security Affairs.