The personal data of approximately 2.1 million customers of Piping Rock, an online retailer of health products, has been compromised and leaked online.
The breach, which took place earlier this month, involved the unauthorized distribution of sensitive customer data through a hacking forum, a situation that exposes individuals to potential fraud and identity theft.
The data breach was disclosed by a threat actor named “ShopifyGUY” on Breach Forums, a notorious platform for sharing hacked data. According to the post, the leaked information includes over 2.1 million email addresses, with 957,384 of these records also encompassing full customer details such as names, phone numbers, physical addresses, and purchase histories.
The leaked data has now been verified and added to the breach notification service “Have I Been Pwned,” so users can check whether their information was compromised. Impacted users should also receive an email notification from HIBP to alert them about the breach.
A sample of the leaked data was made available through a file-sharing service, providing proof of the breach's authenticity, while the rest was offered to forum members for a symbolic price.
The leak of such comprehensive personal information not only violates privacy but also puts affected customers at risk of phishing attacks, identity theft, and other forms of fraud.
The threat actor alleged that the management at Piping Rock had ceased negotiations, suggesting a breakdown in communication or a refusal to engage in resolving the breach through the payment of a ransom.
If you have purchased anything from Piping Rock in the past, you are advised to follow these protective steps:
- Visit Have I Been Pwned to check if your information was part of the breach.
- Immediately change your passwords for Piping Rock and other sites where you may have reused the same passwords.
- Keep an eye on your bank statements and credit report for any unauthorized activities.
- Be cautious of unsolicited communications asking for your personal information or directing you to web pages asking for personal details.
Piping Rock has not issued any statements about the data breach incident yet.