The personal data of approximately 2.1 million customers of Piping Rock, an online retailer of health products, has been compromised and leaked online.
The breach, which took place earlier this month, involved the unauthorized distribution of sensitive customer data through a hacking forum, a situation that exposes individuals to potential fraud and identity theft.
The data breach was disclosed by a threat actor named “ShopifyGUY” on Breach Forums, a notorious platform for sharing hacked data. According to the post, the leaked information includes over 2.1 million email addresses, with 957,384 of these records also encompassing full customer details such as names, phone numbers, physical addresses, and purchase histories.
The leaked data has now been verified and added to the breach notification service “Have I Been Pwned,” so users can check whether their information was compromised. Impacted users should also receive an email notification from HIBP alerting them to the breach.
A sample of the leaked data was made available through a file-sharing service, providing proof of the breach's authenticity, while the rest was offered to forum members for a symbolic price.
The leak of such comprehensive personal information not only violates privacy but also puts affected customers at risk of phishing attacks, identity theft, and other forms of fraud.
The threat actor alleged that the management at Piping Rock had ceased negotiations, suggesting a breakdown in communication or a refusal to engage in resolving the breach through the payment of a ransom.
If you have purchased anything from Piping Rock in the past, you are advised to follow these protective steps:
- Visit Have I Been Pwned to check if your information was part of the breach.
- Immediately change your passwords for Piping Rock and other sites where you may have reused the same passwords.
- Keep an eye on your bank statements and credit report for any unauthorized activities.
- Be cautious of unsolicited communications asking for your personal information or directing you to web pages asking for personal details.
Piping Rock has not issued any statements about the data breach incident yet.
Monica
Hello
I had a question. So I recently purchased a scanning program that would scan all viruses and malware as well as alerting me of data breaches. I purchased this software last month. So recently I did a scan on the software to alert me of any data breaches and apparently Piping Rock was one of those who leaked my data, but the software I used did not display a breach leaked date but said that it was last scanned in May of 2024. This included my first and last name and my phone number. Apparently there are also two other data breaches from MyFitnessPal and some place called Gravatar, which I’ve never heard of before, and for those two my data was breached a few years ago from each website. Apparently the breach from Piping Rock was rated low severity while the other two were rated high severity. So my question is what would you advise I do to take any further action if needed against any of these websites that expose my information, and to also include that Piping Rock never notified me that that happened. Could I have your insight on this?