Skip to Content
Security & privacy

Breach! Walmart exposed personal data of 1.3 million U.S. shoppers

Keeping your personal information out of the hands of criminals is hard enough these days. With massive data breaches like the one we recently warned you about at Equifax, it almost seems like the battle is already lost.

But we can’t give up. It’s important to take every precaution available to keep this data safe.

Unfortunately, some situations are out of our control. We need to be able to trust companies that we do business with to have proper security. That’s not always the case. Now, a Walmart partner is responsible for exposing personal data of over a million consumers.

Company’s irresponsibility leads to huge data breach

Another huge data breach was recently detected by security firm Kromtech. The breach exposed personal data of more than 1.3 million consumers from both the U.S. and Canada.

When the exposure was discovered, it was thought to be information compiled by Walmart. That’s because that data was stored in an Amazon S3 bucket named “walmartsql” and was accessible by the public. It turns out that the info belongs to a firm called MBM Company Inc., which operates a company named Limogés Jewelry that partners with Walmart and other companies.

MBM Company Inc. exposed personal data of more than 1.3 million consumers

Limogés doesn’t only partner with Walmart. Other companies clients it has done business with over the years may have also had their critical data exposed. They include Amazon, Sears, Kmart, Target, Overstock and more.

The database in question was publicly accessible from January 13, 2018, until it was recently secured by Walmart. Exposed information includes names, addresses, ZIP codes, phone numbers, email addresses, IP addresses and plain text passwords of the victims’ shopping accounts. The unprotected data dates back to as early as the year 2000. Yikes!

One more act of negligence is, the company didn’t have customers’ passwords encrypted. They were stored in plain text, so anyone who stumbled across this database has your password and didn’t even need to use a tool to crack it.

Is there anything we can do now?

Whenever a major data breach occurs, there are security steps that we should all take. Here are some suggestions.

Keep an eye on your bank accounts 

You should already be frequently checking your bank statements, looking for suspicious activity. It’s even more critical when there is a massive data breach. Especially like the one just discovered at Limogés Jewelry. Since account passwords were left exposed in plain text, thieves could have enough information to break into financial accounts.

If you see anything that seems strange, report it immediately to your bank. It’s the best way to keep your financial accounts safe.

Set up two-factor authentication 

Two-factor authentication (2FA), also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. This is an extra layer of security that will help keep your accounts safe.

With 2FA set up on your accounts, a thief will need more than just a stolen password to break in. Click here to learn how to set up two-factor authentication.

Change your password

Whenever you hear news of a data breach, it’s a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites. If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well.

Another mistake people make is creating passwords that are too easy for hackers to crack. Many passwords exposed in this Limogés Jewelry breach were just too uncomplicated. Even if they were encrypted, they would have been easy for hackers to crack with a password-guessing tool in just seconds. Read this article to create hack-proof passwords.

Beware of phishing scams 

Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from Limogés Jewelry or Walmart, hoping to get victims to click on malicious links that could lead to more problems.

That’s why you should familiarize yourself with what phishing scams look like so you can avoid falling victim to one. Take our phishing IQ test to see if you can spot a fake email.

Get a free annual credit report

Under federal law, you are entitled to a free copy of your credit report every year from the three major credit reporting agencies, Experian, Equifax and TransUnion. It’s a good idea to check your credit report following data breaches to make sure everything is on the up and up. Click here to learn how to get a copy of your free annual credit report.


We all do it. You make security mistakes that put your family at risk and probably don’t even know it. In this digital age where everything from your garage door to your laptop, tablet, smartphone and light bulb are connected to the internet, you’re leaving yourself open to hacks. Criminals around the world can remotely access your home.

Tech smarts in 2 minutes a day

Get my Daily Tech Update and the Digital Life Hack. Just one minute each and arm you with the tech knowledge you need to impress your boss and friends with how smart you are.