Insecure server holding U.K. fashion retailers’ customer data breached by white hat

A server containing a database holding customer information pertaining to various U.K.-based online fashion retailers was discovered to be insecure after it was breached by a white-hat hacker on July 9.

Third-party IT and e-commerce services provider Fashion Nexus, which manages the server in question, disclosed in an online notification that roughly 922,000 unique email addresses were left exposed by the server — although 280,000 of these addresses had been previously exposed "by audit processes in brute force login attempts from external unrelated already-breached email lists."

However, security expert Graham Cluley reported a higher number, writing in a July 30 blog post that the faulty server exposed data on approximately 1.3 million shoppers.

Fashion Nexus's clients Jaded London, AX Paris, Elle Belle Attire, Perfect Handbags, and Traffic People — all apparel and accessories merchants — are affected. Cluley reported that DLSB was impacted as well, but Fashion Nexus contended that this retailer's data was not taken.

Potentially exposed data includes salted password hashes, names, birth dates, email addresses, phone numbers, and some shipping addresses, but not financial information.

Crediting the insecure server's discovery to ethical hacker Taylor Ralston, Cluley said it is unclear what the cause of the breach is. However, Fashion Nexus's statement did briefly refer to an unspecified bug, noting, "The breach was quickly identified and the vulnerability removed." The company also said that the Information Commissioner's Office (ICO) was informed of the incident.

Additionally, Cluley reported that Fashion Nexus's sister company White Room Solutions told him that "the breach was via a site that has subsequently been taken down and is considered resolved."

Bradley Barth