Havenly, the online interior design and home decorating platform, has disclosed a data breach after a data breach broker leaked 1.3 million user records for free on a popular hacking forum.
ShinyHunters, a well-known seller of stolen data breach records, last month started listing various company databases on the dark web. The trove of combined databases exposed over 386 million user records from 18 companies, including Promo.com and Dave.com.
Although news of the data breach was made public on July 28, Havenly issued no official statement. Yesterday, however, the company posted a data breach notice on its website, informing customers of a “potential incident that may have affected the security of certain customer accounts.”
When BleepingComputer reported on the incident, it disclosed that samples of the leaked database included usernames, full names, MD5-hashed passwords, email addresses, phone numbers, ZIP codes, and data related to the use of the site.
Although the notification does not confirm the number of affected accounts or the type of compromised information, Havenly is asking all customers to reset the passwords for their accounts.
“Out of an abundance of caution, we are logging all existing customers out of their Havenly accounts and asking our customers to reset their password when they next log in to the Havenly website,” the letter reads. “As a best practice, we also encourage all of our customers to use different passwords across all online services and applications, and to update those passwords now and on a regular basis.”
To reassure affected customers, the company highlights that it does not store full credit card numbers or other financial information that could be used in fraud.
“We suspect that many of you will be concerned about the credit card numbers that you’ve used with Havenly in the past,” the company said. “Please note: we do NOT store credit card information, apart from the last 4 digits of the card in some cases, which is not enough to engage in credit card fraud.”
While the news may come as a relief, affected members can still be targeted by phishing emails designed to harvest additional personal and financial information for use in identity theft. Havenly members should also closely monitor their email addresses for unsolicited messages, and adopt good cyber hygiene while using their digital devices.