ROMWE Chinese e-commerce site hacked, over 7.3 million passwords and emails stolen
ROMWE Chinese e-commerce site hacked, over 7.3 million passwords and emails stolen
Marco A. De Felice aka amvinfe January 1, 2021 No Comments Data Breache-commerceROMWEZoeTop Business
The data breach against ROMWE brought the hacker group 7,341,382 between passwords, e-mail addresses and telephone numbers of users from all over the world registered on the Chinese e-commerce platform that sells clothing. The stolen data are sold in dark web.
The data theft, according to the statements of the company based in Fanling - Hong Kong, would have started on July 14, 2018.
A very long time span of over two years in which the Chinese company ROMWE (ZoeTop Business Co., Ltd. group) was unable to protect its customers residing in Italy, Germany, UK, US, Canada, Australia and in many other states.
According to the press release of ROMWE published on December 30, 2020 within its e-commerce platform, the data theft began on July 14, 2018 affecting only some usernames and passwords of its customers, in reality the people involved are more than 7.3 million.
… On 7 September 2020 we discovered that some ROMWE customer usernames and passwords found on the dark web may have been stolen from our computer network in July 2018, as determined by internal and legal investigations…
Also according to an internal analysis carried out by ROMWE IT experts, customers who have registered their credit card information in their account would not take any risks as no complete data of that type is stored in the ROMWE databases.
… ROMWE does not keep complete information relating to the customer's credit card.
Given the poor management of their IT systems, the delay with which their IT technicians noticed the data breach, the enormous delay with which notifications relating to data theft were sent to their customers, I would not feel so sure of the statements made by the top management of Chinese society.
ROMWE claims to have discovered the presence of the stolen data inside underground sites on 7 September 2020 but, thanks to the data in our possession, SuspectFile can establish with certainty that more than 180,000 passwords and e-mails were present in the dark web already towards the end of February last year. So, 7 months before the date stated in the ROMWE press release.
The company said it has already warned its customers about the measures they can take to monitor and protect their personal information.
In addition, ROMWE announced that it will provide dark web monitoring free of charge through software company ID Experts. All instructions regarding registration for the monitoring program have been included in the e-mail notice sent to all people potentially involved in the data breach.
The American residents in the state of Maine involved in the data breach are 26,294 , in Montana there are 16,522 while in the state of New Hampshire the residents involved in the data theft are 29,914
Marco A. De Felice aka amvinfe January 1, 2021 No Comments Data Breache-commerceROMWEZoeTop Business
The data breach against ROMWE brought the hacker group 7,341,382 between passwords, e-mail addresses and telephone numbers of users from all over the world registered on the Chinese e-commerce platform that sells clothing. The stolen data are sold in dark web.
The data theft, according to the statements of the company based in Fanling - Hong Kong, would have started on July 14, 2018.
A very long time span of over two years in which the Chinese company ROMWE (ZoeTop Business Co., Ltd. group) was unable to protect its customers residing in Italy, Germany, UK, US, Canada, Australia and in many other states.
According to the press release of ROMWE published on December 30, 2020 within its e-commerce platform, the data theft began on July 14, 2018 affecting only some usernames and passwords of its customers, in reality the people involved are more than 7.3 million.
… On 7 September 2020 we discovered that some ROMWE customer usernames and passwords found on the dark web may have been stolen from our computer network in July 2018, as determined by internal and legal investigations…
Also according to an internal analysis carried out by ROMWE IT experts, customers who have registered their credit card information in their account would not take any risks as no complete data of that type is stored in the ROMWE databases.
… ROMWE does not keep complete information relating to the customer's credit card.
Given the poor management of their IT systems, the delay with which their IT technicians noticed the data breach, the enormous delay with which notifications relating to data theft were sent to their customers, I would not feel so sure of the statements made by the top management of Chinese society.
ROMWE claims to have discovered the presence of the stolen data inside underground sites on 7 September 2020 but, thanks to the data in our possession, SuspectFile can establish with certainty that more than 180,000 passwords and e-mails were present in the dark web already towards the end of February last year. So, 7 months before the date stated in the ROMWE press release.
The company said it has already warned its customers about the measures they can take to monitor and protect their personal information.
In addition, ROMWE announced that it will provide dark web monitoring free of charge through software company ID Experts. All instructions regarding registration for the monitoring program have been included in the e-mail notice sent to all people potentially involved in the data breach.
The American residents in the state of Maine involved in the data breach are 26,294 , in Montana there are 16,522 while in the state of New Hampshire the residents involved in the data theft are 29,914
