E-commerce firm StorEnvy hacked; 1.5m plain-text accounts leaked

StorEnvy database is being dumpled on a hacker forum for free download.

StorEnvy database has been dumped on a hacker forum for free download.

The popular e-commerce website StorEnvy known for its online store building and social marketplace has been hacked. As a result, personal details of over 1.5 million customers and merchants have been leaked online on a hacker forum for free download, Hackread.com has learned.

Launched in 2012; the St., Chico, CA-based company is home to millions of customers who are now at risk.

According to the database seen by Hackread.com, the data contains emails, passwords, full names, usernames, IP addresses, city, gender, and links to social media profiles.

See: Adult streaming site CAM4 leaks 7 TB of data with 11 billion records

What’s worse is that all the data such as passwords are available in plain-text format. In some cases, order details like date of order, order number, and payment method used in the purchase can also be seen. However, apparently, shipping addresses or payment card data is not in the database.

Nevertheless, all this data combined is a goldmine for hackers and cybercriminals to carry out phishing/malware attacks, identity-theft related scams, and compromise accounts using the same passwords on other sites.

E-commerce firm StorEnvy hacked; 1.5m plain-text accounts leaked
Sample data being traded on a hacker forum (Image: Hackread.com)

Hackread.com got in touch with some Storenvy customers who confirmed that they are registered with the e-commerce website.

E-commerce firm StorEnvy hacked; 1.5m plain-text accounts leaked
A screenshot sent by one of the affected customers to Hackread.com

Although the exact year of the data breach is yet unknown, based on the fact that most of the credentials are still working the breach appears to be recent. Or, it can also be that the database contains accounts that are inactive and their passwords were not changed for a long time.

I decided to share with you Storenvy cracked dump merged with full SQL dump. Below is a sample of the shared data. All passwords are valid and can be tested on Storenvy, said the hacker on the hacker forum.

It is worth noting that according to some media reports, Storenvy suffered a data breach in August 2019 in which allegedly 23 million login credentials were stolen sold on the dark web. However, there was no actual proof of the breach at that time.

E-commerce firm StorEnvy hacked; 1.5m plain-text accounts leaked
Screenshot from August 2019

If you are a Storenvy customer or merchant, change your password right now. Also, change the password for the email address in case you are using the same password on both accounts, get in touch with the company to inquire about the breach.

Hackread.com has also contacted Storenvy and this article will be updated based on their response.

See: France’s largest newspaper exposed 8 TB of data with 7.4 billion records

It seems like e-commerce companies around the world are under attack. Just a few days ago it was reported that Indonesian e-commerce giant Tokopedia was hacked and login details of 91 million customers were sold on the dark web.

Did you enjoy reading this article? Do like our page on Facebook and follow us on Twitter.

Total
0
Shares
1 comment

Comments are closed.

Related Posts