Over a million customers of a host of UK fashion websites have had their data leaked online – although they would not know it from a visit to the website of one of those affected: a deafening public silence could be heard this morning.
A breach of web development and ecommerce company Fashion Nexus – which with sister company White Room Solutions has built a wide range of ecommerce sites – left the names, email addresses and phone numbers of some 1.4 million customers exposed.
That’s according to well-known security researcher Graham Cluley, who said the data was found by white hat hacker Taylor Ralston (and who notes that Fashion Nexus and White Room Solutions don’t support https).
Brands including AX Paris, DLSB, Elle Belle Attire, Perfect Handbags and Traffic People are among those affected. None had responded to a request for comment from Computer Business Review this morning. Payment details were not exposed.
White Room Solutions – which has been contacted by Computer Business Review – told Cluley that it had informed the affected brands and was leaving it up to them to contact their exposed customers about their data being breached, as well as inform the Information Commissioner’s Office (ICO).
Ryan Wilk, vice president at NuData Security, a Mastercard company, said in an emailed statement: “Although payment data was not exposed, the personally identifiable information accessed can easily fuel synthetic identity fraud and identity theft.”
He added: “With these types of fraud, personally identifiable information such as name, address, or date of birth is traded on the dark web to steal a real identity or construct an entirely new fraudulent one for theft. NuData has seen a 100% increase in purchase attempts with flagged – suspicious – credit cards, which are often used under a fake account that has been created with stolen information.”
“This is why retailers, e-Commerce organisations, banks, and financial institutions are layering in multi-layered security strategies using passive biometrics and behavioural analytics. These technologies can identify and protect companies against fake accounts created with stolen information using automation.”