StorEnvy database has been dumped on a hacker forum for free download.
The popular e-commerce website StorEnvy known for its online store building and social marketplace has been hacked. As a result, personal details of over 1.5 million customers and merchants have been leaked online on a hacker forum for free download, Hackread.com has learned.
Launched in 2012; the St., Chico, CA-based company is home to millions of customers who are now at risk.
According to the database seen by Hackread.com, the data contains emails, passwords, full names, usernames, IP addresses, city, gender, and links to social media profiles.
What’s worse is that all the data such as passwords are available in plain-text format. In some cases, order details like date of order, order number, and payment method used in the purchase can also be seen. However, apparently, shipping addresses or payment card data is not in the database.
Nevertheless, all this data combined is a goldmine for hackers and cybercriminals to carry out phishing/malware attacks, identity-theft related scams, and compromise accounts using the same passwords on other sites.
Hackread.com got in touch with some Storenvy customers who confirmed that they are registered with the e-commerce website.
Although the exact year of the data breach is yet unknown, based on the fact that most of the credentials are still working the breach appears to be recent. Or, it can also be that the database contains accounts that are inactive and their passwords were not changed for a long time.
I decided to share with you Storenvy cracked dump merged with full SQL dump. Below is a sample of the shared data. All passwords are valid and can be tested on Storenvy, said the hacker on the hacker forum.
It is worth noting that according to some media reports, Storenvy suffered a data breach in August 2019 in which allegedly 23 million login credentials were stolen sold on the dark web. However, there was no actual proof of the breach at that time.
If you are a Storenvy customer or merchant, change your password right now. Also, change the password for the email address in case you are using the same password on both accounts, get in touch with the company to inquire about the breach.
Hackread.com has also contacted Storenvy and this article will be updated based on their response.
It seems like e-commerce companies around the world are under attack. Just a few days ago it was reported that Indonesian e-commerce giant Tokopedia was hacked and login details of 91 million customers were sold on the dark web.