Havenly, an American interior design and home decorating company, has admitted what it has long suspected: user information has been stolen.
This was revealed last week when the notorious hacker collective ShinyHunters offered free access to the Havenly database containing 1.3 million user data via a forum on the Dark Web.
According to Bleeping Computer, Havenly told the site over the weekend that it was one of 18 companies that were provided stolen data consisting of 386 million user records to ShinyHunters.
Other companies include HomeChef, Promo.com, Mathway, Chatbooks, Dave.com, Wattpad, and Microsoft's GitHub account. is ShinyHunters the group or individual who stole the data? or whether the data was already available on the Internet.
Bleeping Computer reports that Havenly's database contained information such as account login names, customer names, hashed passwords, phone numbers, zip codes, email addresses, and website usage data.
However, it appears that the passwords were hashed using a fairly weak MD5 algorithm, which means that much of it is as good as cracked.
You definitely need to change your Havenly password, but you also need to change it everywhere else you used the same password. One of the best password managers would greatly help with these chores.
Havenly told Bleeping Computer that when we were finalizing this story during the day on Monday (August 3), the Havenly website appeared to have nothing about it, but it began alerting users of the incident.
Havenly told Bleeping Computer that it had "recently become aware of a potential incident" and that as a result all users had been forced to change their passwords.
"We take the security of our community very seriously," read Havenly's statement to Bleeping Computer. "As a precautionary measure, we wanted to let you know that we recently became aware of a potential incident that may have affected the security of certain customer accounts. We are working with outside security experts to investigate this issue.
"In the meantime, however, as a precaution, we are logging all existing customers out of their Havenly accounts and asking customers to reset their passwords the next time they log into the Havenly website. As a best practice, we also encourage all customers to use different passwords for all online services and applications and to update these passwords now and periodically.
Havenly added that while the full credit card numbers are not accessible, the last four numbers may be affected by the breach.
It explained: "We understand that many of you are concerned about credit card numbers you have used with Havenly in the past. Please note: We do not store credit card information, except in some cases for the last four digits of the card.
Businesses are increasingly affected by security breaches, and cybercriminals are constantly finding ways to bypass security systems. It is therefore crucial that people take steps to protect their data.
They should create only strong passwords, avoid reusing passwords, sign up for breach notifications from companies, and download the best antivirus programs.
Comments