Havenly Breach: Over One Million User Accounts Got Compromised


The newest online firm that has experienced a massive data breach this year is Havenly Inc., which is an online interior designing and home decorating website. The hackers have published the hacked Havenly breach data on the dark web for absolutely free. The infamous dark web trader named ShinyHunters was spotted the previous week posting stolen data of about 1.4 million accounts online. ShinyHunters are said to be a part of the much more significant data breach of 386 million that even includes the data from the customers of Dave, HomeChef and Promo. This significant breach was disclosed previously.

As per the data breach notification website named “HaveIBeenPwned”, the stolen data from the customers via the Havenly breach mostly included the names, email addresses, geographic locations, phone numbers and passwords that are stored as SHA-1 hashes. Nevertheless, an email that was sent to the customers of the interior designing company from the company’s end last week had failed to mention the compromise of the personal data at all, instead of just focussing on the fact that none of the financial details had been disclosed.

Image: Bleeping Computer

“We are working with external security experts to investigate this matter. However, in the meantime, out of an abundance of caution, we are logging all existing customers out of their Havenly accounts and asking our customers to reset their password when they next log in to the Havenly website,” it continued.

“As a best practice, we also encourage all of our customers to use different passwords across all online services and applications, and to update those passwords now and on a regular basis.”

As per HaveIBeenPwned, the data breach of the company itself took place more than a month ago, that is on the 25th of June 2020, having the personal customer data “extensively shared subsequently all across the online hacking communities.” This means that at the minimum, those same Havenly breach customers should be informed of the prospective identity fraud and phishing risks originating from the incident.

Image: Bleeping Computer

The previous week, it had been disclosed that a data breach conducted had compromised over 14 million accounts. In contrast, one of the LA-based fintech named Dave had included an estimated record of 7.5 million.

Source: InfoSecurity

Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.


Please enter your comment!
Please enter your name here