If you have an online account with Sephora, you may want to check your account and reset your password: the beauty retailer has just admitted through an email to members that a breach of online users’ data has occurred.
According to the email, this data breach was discovered over the past two weeks, and affects customers in Singapore, Malaysia, Indonesia, Thailand, the Philippines, New Zealand, and Australia, although it is not stated exactly how many customers were affected in the data breach.
Personal information that was exposed to unauthorised third parties include first and last name, date of birth, gender, email address and encrypted password, as well as data related to beauty preferences. However, it was emphasised by Sephora’s managing director of South-east Asia that no credit card information was accessed and that the company had “no reason to believe that any personal data has been misused”.
Sephora has since apologised and cancelled all existing passwords for customer accounts.
It has also conducted a review of its security systems and is offering a free personal data monitoring service to its customers through a third-party provider. Customers who wish to service can sign up at a link provided by Sephora while using a unique code by Nov 30.
You are strongly recommended to change the password to your Sephora account as soon as possible – be sure to do that ASAP!