SHEIN fashion retailer announces breach affecting 6.42 million users

Hack took place somewhere in June, but the company only discovered the breach in late August.
Written by Catalin Cimpanu, Contributor

Online fashion store SHEIN announced a security breach last week that affected around 6.42 million of its customerbase. The North Brunswick-based company is currently in the process of contacting all affected users and asking them to change passwords for their online store accounts.

The company says the breach occurred over the summer, sometime in June, when hackers carried out "a sophisticated criminal cyberattack on its computer network."

Also: Best Home Security Devices for 2018 CNET

No technical details were provided about how the actual breach went down, but SHEIN said the intruders managed to gain access to customers' email addresses and encrypted passwords for its online store accounts.

The company discovered the incident on August 22, according to a press release SHEIN circulated on Friday, September 21.

"We have seen no evidence that your credit card information was taken from our systems and SHEIN typically does not store credit card information on its systems," the company said in an advisory posted on its website.

Also: Why 31% of data breaches lead to employees getting fired TechRepublic

The retailer says it hired a well-known forensic cybersecurity firm as well as an international law firm to help it investigate the incident further.

By the way SHEIN described the incident, this breach doesn't appear to be related to the recent wave of Magecart hacks --incidents where hackers placed card-stealing code inside the JavaScript files of legitimate sites.

Magecart hacks have been recently reported by Ticketmaster, British Airways, Feedify, ABS-CBN, Newegg, but also Hats.com, TechRabbit, Title Nine, and Stein Mart.

SHEIN, also spelled SheIn, is a US-based online store dedicated to women's fashion. The company was founded in 2008, and it currently ships to over 80 countries all over the world.

These are 2018's biggest hacks, leaks, and data breaches

Previous and related coverage:

What is malware? Everything you need to know

Cyber attacks and malware are one of the biggest threats on the internet. Learn about the different types of malware - and how to avoid falling victim to attacks.

Security 101: Here's how to keep your data private, step by step

This simple advice will help to protect you against hackers and government surveillance.

VPN services 2018: The ultimate guide to protecting your data on the internet

Whether you're in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.

Five computer security questions you must be able to answer right now

If you can't answer these basic questions, your security could be at risk.

Critical infrastructure will have to operate if there's malware on it or not

Retired US Air Force cyber-security expert shares his thoughts on the future of critical infrastructure security.

Ordinary Wi-Fi devices can be used to detect suspicious luggage, bombs, weapons

Researchers turn ordinary WiFi devices in rudimentary scanners that can identify potentially dangerous objects hidden inside bags or luggage.

Related stories:

Editorial standards