Sephora hit by data breach, Malaysian users affected

Beauty retailer, Sephora, has made an announcement that the personal details of “some customers” have been leaked, with online customers in Singapore, Malaysia, Indonesia, Thailand, Hong Kong, the Philippines, Australia, and New Zealand affected. There isn’t any info on how many users have been affected, however.

According to CNA, personal information of users including first and last names, birthdates, gender information, encrypted passwords, email addresses, and personal beauty preferences were leaked as a result of the breach. However, Sephora says that no credit card information was compromised, and that they have no reason to believe that any information has been misused.

Here’s an email that Sephora sent to its online users recently:

All existing passwords for online users have been deleted as a precautionary measure, while South East Asia Managing Director, Alia Gogi, added that that Sephora will be offering a 3rd party-based personal data monitoring service.

At the moment, Sephora says that it is safe to continue using its website and mobile app, and that none of its physical stores have been affected by the breach. If you haven’t changed your Sephora account password, please do so as a precaution. Users can also register for the personal data monitoring service by the 30th of November 2019.

CNA also reports that advisory company Brunswick group has said that Sephora’s databases in the region operate independently from each other. This means that anyone from other regions (than those listed above) aren’t affected by the breach in any way.