- Dark Web Trio Sentenced - October 15, 2023
- Dymocks Data: Darknet Hit? - October 15, 2023
- Dark Web Forum Shows How to Synthesize Methamphetamine at Home - October 4, 2023
Dymocks, the popular bookstore chain with locations in Australia, New Zealand, Hong Kong, and an online store, has issued a cautionary alert to its customers regarding a significant data breach. The breach came to light when the company’s database appeared on hacker forums, exposing sensitive customer information.
Dymocks Data Breach: What You Need to Know
The breach was initially reported on September 6, 2023, by Troy Hunt, the creator of ‘Have I Been Pwned,’ a service dedicated to monitoring data breaches. Dymocks has clarified that its internal security systems were not compromised in this incident, suggesting that the breach may have occurred through its partners, a detail that researchers are still working to confirm.
Preliminary information indicates that the following customer data was compromised:
- Full names
- Dates of birth
- Email addresses
- Mailing addresses
- Genders
- Membership details (current account status, account creation date, and client card privileges)
It’s important to note that customers’ financial data was not stored in electronic databases and thus remains secure from the breach. According to the ‘Have I Been Pwned’ service, data from 1.2 million records, corresponding to 836,120 unique Dymocks accounts, was shared.
Dymocks has promptly notified relevant authorities and is actively investigating the breach. The company is also taking comprehensive measures to enhance the security of its online shopping platform.
Troy Hunt revealed that customer data had been circulating on various Telegram channels and hacker forums since at least June, indicating that cybercriminals may have already exploited the stolen information for phishing attacks and other fraudulent activities. Although passwords were not disclosed, it is strongly recommended that users change their passwords. Additionally, users should update passwords on any other platforms where they may have used the same credentials. Caution is advised regarding emails requesting credit card or account information to prevent falling victim to potential scams.