Malware steals passwords from 6.4 million SHEIN customers

From hotforsecurity.bitdefender.com

Women’s fashion retailer SHEIN has suffered a major security breach that has exposed the personal information and passwords of over six million customers.

In a press statement, SHEIN reveals that it discovered on August 22 2018 that malicious hackers had compromised its computer network, and that between June and early August 2018 customer email addresses and “encrypted password credentials” had been stolen.

According to the company, malware had opened backdoors on corporate servers through which the attackers had stolen data associated with approximately 6.42 million customers.

What hasn’t been disclosed is how the malware came to be planted on SHEIN’s servers, and says it is against its policy to discuss the specific details, but SHEIN does say that the security holes exploited by the hackers have now been closed.

From the description, the attack against SHEIN does not appear to bear the hallmarks of the Magecart attacks which have impacted a number of sites in recent months, including Ticketmaster.

 

Read more here