A massive data breach struck clothing retailer Bonobos this month, and the hackers poached 70GB of personal data, apparently by gaining access to the data through a backup file on a cloud hosting platform.

Bonobos is a major clothing vendor, first established as a men's clothing brand, that eventually opened more than 60 retail locations. In 2017, Walmart purchased Bonobos for $300 million and converted it to an e-commerce operation through Jet.com while retaining a small number of brick-and-mortar stores.

Recently, user ShinyHunters, known for selling stolen data, posted the full Bonobos database to a free hacker forum. The hijacked data included customer addresses, phone numbers, credit card numbers, as well as passwords and purchase histories.

Using these stolen credentials, the hacker deployed credential stuffing techniques to breach other websites by manipulating these pilfered user passwords. Bonobos initiated a notification process to inform its customers about the breach, and stated that its internal systems weren't breached during this incident. Bonobos advised that only backup files hosted on a third-party cloud hosting platform were compromised.

What should customers do?

Although consumers cannot undo a cyberattack, they can change their passwords on Bonobos and other websites, using unique passwords to stay safe going forward. This safeguards their credentials and data, and helps prevent harm from brute-force and credential stuffing attacks.

Avoid credential theft

Users should use unique passwords for their logins and avoid commonly used phrases, word or number patterns, and personal information. Examples include qwerty, password, 12345, and abcde, or any mention of your name or date of birth.

Using a QR or fingerprint scanner, a one-time password (OTP), or other multi-factor authentication (MFA) strategies leaves you better able to prevent accounts from being compromised.

Password managers provide a good solution, but you need to deploy one that is robust and fully featured. ManageEngine Password Manager Pro accommodates your organization's needs through the entire privileged access life cycle.

Password Manager Pro is a security solution that provides privileged account management, remote access management, and privileged session management. Download a free trial version. Or, evaluate its many features through a live or video demo.