Massive data breach hits 1.3 million users -- what to do now
Interior-design site Havenly had user data leaked by ShinyHunters
Havenly, an American interior-design and home-decorating company, has confirmed what had been suspected: It's had user information stolen a major data breach.
This became apparently last week when notorious hacker group ShinyHunters offered free access to a Havenly database with 1.3 million pieces of user data via a forum on the dark web.
- Stay anonymous with a one of the best VPN providers out there
- What to do after a data breach
- Just in: Watch out for these fake online shopping sites, FBI warns
Treasure trove of data
According to Bleeping Computer, Havenly told the website over the weekend that it has indeed been one of 18 companies whose stolen data, comprising 386 million user records, was being given away by ShinyHunters.
The other companies include HomeChef, Promo.com, Mathway, Chatbooks, Dave.com, Wattpad annd Microsoft's GitHub account. It's not clear whether ShinyHunters were the group or individual that stole the data, or if the data had already been bouncing around the internet.
As per the Bleeping Computer report, the Havenly database contained information such as account login names, the names of customers, hashed passwords, phone numbers, zip codes, email addresses and website usage data.
But the passwords were apparently hashed using the rather weak MD5 algorithm, which means many of them are as good as cracked.
You'll definitely need to change your Havenly password, but you should also change it anywhere else you used the same password -- and make sure that each of those other sites and services gets a different password. One of the best password managers will help mightily with those chores.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Havenly told Bleeping Computer that it had begun alerting users of the incident, although there didn't seem to anything about it on the Havenly website when we were finalizing this story midday Monday (Aug. 3).
Confirming the breach
Havenly told Bleeping Computer that it had "recently become aware of a potential incident" and as a result was forcing all users to change their passwords.
"We take the security of our community very seriously," read Havenly's statement to Bleeping Computer. "As a precaution, we wanted to let you know that we recently became aware of a potential incident that may have affected the security of certain customer accounts. We are working with external security experts to investigate this matter.
"However, in the meantime, out of an abundance of caution, we are logging all existing customers out of their Havenly accounts and asking our customers to reset their password when they next log in to the Havenly website. As a best practice, we also encourage all of our customers to use different passwords across all online services and applications, and to update those passwords now and on a regular basis.”
Havenly added that while it doesn’t have access to complete credit card numbers, the last four numbers could be impacted by the breach.
It explained: "We suspect that many of you will be concerned about the credit card numbers that you've used with Havenly in the past. Please note: we do NOT store credit card information, apart from the last 4 digits of the card in some cases, which is not enough to engage in credit card fraud.”
What to do
Companies are increasingly being affected by security breaches, and cyber criminals are constantly finding ways to bypass security systems. So it’s crucial that people take steps to protect their data.
You should only create strong passwords, avoid reusing passwords, sign up to breach notifications from companies and download one of the best antivirus programs.
- More: Stay anonymous without the spend with a cheap VPN
Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!