Online style service Lookiero: almost 5 million accounts compromised

The Have-I-Been-Pwned project has almost five million more data records. They come from the online stylist service Lookiero.

(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)

Sep 1, 2024 at 10:00 pm CEST

2 min. read

Security

By

Dirk Knop

This article was originally published in German and has been automatically translated.

The Have-I-Been-Pwned Project (HIBP) has added millions of new data records to the data dump. These originate from online style service Lookiero. The data leak apparently took place in March this year.

HIBP submission on the data leak at Lookiero — The HIBP project reports the new data set from Lookiero.

(Image: Screenshot / dmk)

The data was offered for sale on the underground internet forum Breachforums in August. This is confirmed by a screenshot from the Dark Web Intelligence group on X, formerly Twitter.

According to the screenshot, the Lookiero data contained passwords, credit card information and personal information such as user names, addresses and account balances.

Troy Hunt obtains data set in a roundabout way

The mastermind behind HIBP, Troy Hunt, obtained the data from a source that wants to be referenced as oathnet[.]ru. Hunt writes that the data contains e-mail addresses, names, telephone numbers and physical addresses, among other things. A total of 4,981,760 accounts are included in the data. They date back to March 27, 2024 and were made available on Friday of this week with HIBP.

Troy Hunt went on to explain that he had contacted Lookiero about the incident. The company replied that it would "look into it and get back to him if necessary". Apparently, the company did not consider this necessary. There is also currently no indication on the company's website that millions of customer data have fallen into unauthorized foreign hands.

Anyone who has ever used the Lookiero services can check their email address on the HIBP main page to see which data leaks have occurred. It is particularly important to be careful with messages that arrive as e-mails or text messages. Fraudsters can misuse the information that a potential victim was once active on Lookiero for more targeted and targeted phishing, for example.

Read also

Have I Been Pwned: Gigantisches Naz.API-Datenleak hinzugefügt

Cybercriminals gaining access to Internet users' data is a daily occurrence. Numerous online services have already experienced such data leaks. To prevent the direct misuse of data for purchases at the victim's expense, for example, activating multi-factor authentication can help where possible.

(dmk)

Back to top

Alle Angebote

Newsletter heise-Bot Push Push-Nachrichten

${intro} ${title}