Havenly has become the latest online firm to suffer a serious breach of customer data after hackers published the information for free on the dark web.
Notorious dark web trader ShinyHunters was spotted last week posting the data of nearly 1.4 million accounts online.
They’re said to be part of a much bigger 386 million record trove including data from customers of Dave, Promo and HomeChef, which has been previously disclosed.
According to breach notification site HaveIBeenPwned, the data from Havenly customers includes email addresses, names, phone numbers, geographic locations and passwords stored as SHA-1 hashes.
However, an email to customers from the interior design company last week failed to mention the compromise of personal data at all, instead focusing on the fact that no financial details were disclosed.
“We are working with external security experts to investigate this matter. However, in the meantime, out of an abundance of caution, we are logging all existing customers out of their Havenly accounts and asking our customers to reset their password when they next log in to the Havenly website,” it continued.
“As a best practice, we also encourage all of our customers to use different passwords across all online services and applications, and to update those passwords now and on a regular basis.”
According to HaveIBeenPwned, the breach itself took place over a month ago, on June 25, with the personal customer data “subsequently shared extensively throughout online hacking communities.”
That means, at the very least, those same customers should be informed of potential phishing and identity fraud risks stemming from the incident.
Last week it was revealed that a breach at Promo.com had compromised over 14 million accounts, while one at LA-based fintech Dave included an estimated 7.5 million records.