Software violation search page Have I Been Pwned added the software infringements from StreetEasy and Sephora privacy to their motor so that users can verify if their information has been leaked.
In June 2016, according to HIBP, StreetEasy was hit by a data breach that exposed data to nearly 1 million users. This data included e-mail addresses, initials, usernames and passwords
“In approximately June 2016, the real estate website StreetEasy suffered a data breach. In total, 988k unique email addresses were included in the breach alongside names, usernames and SHA-1 hashes of passwords, all of which appeared for sale on a dark web marketplace in February 2019. The data was provided to HIBP by a source who requested it be attributed to “JimScott.Sec@protonmail.com”.”
HIBP also claimed that in January 2017, Sephora Southeast Asia was breached and data for 780,073 customers was stolen. The stolen data included birth dates, e-mail addresses, race, age, names and physical attributes
“In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information. The data was provided to HIBP by a source who requested it be attributed to “JimScott.Sec@protonmail.com”.”
The data for these two breaches was sold and exchanged on online hacker websites.
Using this information, attackers may attempt to gain access to other accounts of a affected user by using credentials. The password is when hackers attempt to access sites ‘ accounts with the passwords revealed in software violations from other sites.
Because of this, it is strongly recommended that everyone on -platform that has an account uses unique passwords. This will not impact any sites that you have an account if one page is compromised or customer information is stolen.
Check if you’re in breach
You can now search the Have I Been Pwned website if you have been a client of any of these businesses and have not received a message or if your data is part of the breach.
To do this, simply enter your email address in the search field and click on the pwned? Click Button.
The website will check your e-mail address in its databases and note any data breaches that are checked for your information.