Digital Forensics Dispatch

70GB Database Leaked from Bonobos Data Breach

January 28, 2021

Lawrence Abrams of Bleepingcomputer.com reported that the men’s clothing retailer Bonobos suffered a data breach. The threat actor known as ShinyHunters posted the full Bonobos database on a free hacker forum. The database is 70GB and contains information such as customer addresses, phone numbers, partial credit card numbers, order information and password histories. Abrams writes “After BleepingComputer contacted Bonobos about the leaked database, the clothing store told us that the threat actors did not gain access to internal systems but rather to a backup file hosted in an external cloud environment.”

Following an email from Bonobos, BleepingComputer reports that the company contacted the host of the cloud environment as soon as it was aware of the breach and that it is implementing additional security measures for systems and for their customers. Bonobos has also stated that they are still investigating the breach. The information gained by the threat actors can be used to target customers with specific phishing attacks that contain the information that they were able to access. Abrams reports that, as of January 24, 2021, Bonobos started to notify customers of the breach and what actions they could take to secure their accounts. Abrams provides some critical information about what steps a Bonobos user can take to re-secure their account and what to be looking out for in potential phishing emails.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics