Skip to Content
Security & privacy

6.42 million shoppers hit by online fashion shopping giant’s massive data breach

Do you love buying your clothes online? Online shopping can be convenient and fun, but there’s a downside — with the frequency of data breaches occurring these days, your information is at constant risk from hackers and identity thieves.

Website hacks and compromised point-of-sales seem to occur on a regular basis and the next big cyberattack is just around the corner.

Take this newly revealed data breach, for instance. If you shopped for clothes here recently, there’s a good chance that hackers now have your personal information.

Read on and learn more about the latest data breach that’s affecting millions of this online clothing shop’s customers.

SHEIN data breach

Women’s online fashion store SHEIN has announced recently that its servers were recently breached with a sophisticated criminal cyberattack that leaked the confidential information of around 6.42 million customers.

The company confirmed the hackers managed to snag personal information including email addresses and the encrypted passwords of customers who visited its website between June 2018 and early August 2018.

However, SHEIN claims that they haven’t seen evidence that credit card information was taken from their systems during the breach since it doesn’t store that type of data on its servers.

Immediately upon becoming aware of the breach, SHEIN revealed that it hired a leading international forensic cybersecurity firm and an international law firm to conduct a thorough investigation.

However, SHEIN also admitted in its advisory that it became aware of the breach on Aug. 22. Why it waited almost a month to inform its customers is a bit troubling to us.

Fun fact: SHEIN was established in 2008 by a small group of entrepreneurs from North Brunswick, New Jersey.

SHEIN Website

What happened?

According to SHEIN’s security advisory, the attackers managed to breach its security protections and plant malware on its servers.

The company did not specify the type of malware that was involved in the cyberattack but it wrote that the affected SHEIN servers have been scanned and the malware has been removed. The server backdoors and entry points used by the hackers have also been closed and removed.

The investigators and SHEIN’s IT department will continue to closely monitor their network and servers to prevent similar breaches in the future.

What now?

SHEIN is now in the process of notifying affected customers and the proper authorities about the cyberattack.

Customer notices are now being sent via email that provide instructions on how to reset account passwords via SHEIN’s website.

Customers can also log into their account on SHEIN’s website, visit “Account Settings” then click the “Edit Password” link to immediately to protect their accounts.

Although there is no evidence that credit card information was stolen, SHEIN is urging its customers to contact their bank or credit card company if they notice any suspicious activity on their payment cards.

SHEIN is also offering a year’s worth of identity theft monitoring services to affected customers. Contact SHEIN at 844-802-2500 for more information.

Hackers are becoming more dangerous than ever

It’s easy to become complacent as we get news of yet another data breach each day. But the truth is tens of millions of hackers are launching billions of online attacks to get your information. Kim Komando tells you who the worst offenders are.

What to do after a data breach?

Whenever a data breach like this occurs, there are standard security steps that we should all take to protect our accounts.

  • First, you should already be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately to your bank. It’s the best way to keep your financial accounts safe.
  • Scammers will try and piggyback on data breaches like this. Beware of phishing scams that pretend to be from SHEIN.
  • It’s also a good time to audit your online accounts and passwords. This is especially true if you use the same credentials for multiple websites. 
  • Lastly, if you think you are already compromised, put a credit freeze on your accounts as soon as you can.

Tap or click here for detailed tips on how to improve your online security.

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out