Skip to content
Cyber Breaches
Search
Data breachResolved

Sephora data breach (2017)

In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information.

Victim
Sephora
records
780.1K
SectorRetail
CountryAustralia

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2017-01-09, Sephora was affected by a data breach. Approximately 780,073 accounts were exposed. In approximately January 2017, the beauty store Sephora suffered a data breach. Impacting customers in South East Asia, Australia and New Zealand, 780k unique email addresses were included in the breach alongside names, genders, dates of birth, ethnicities and other personal information.

Sources

  1. haveibeenpwned.comhttps://haveibeenpwned.com/PwnedWebsites#Sephora
  2. sephora.com.auhttps://sephora.com.au

Related incidents

Data breachResolved

digiDirect data breach (2024)

In September 2024, a data breach sourced from the Australian retailer digiDirect was published to a popular hacking forum. The breach exposed over 300k rows of data including email and physical address, name, phone number and date of birth.

Victim
digiDirect
Records
304.3K
Data breachResolved

Dymocks data breach (2023)

In September 2023, the Australian book retailer Dymocks announced a data breach. The data dated back to June 2023 and contained 1.2M records with 836k unique email addresses. The breach also exposed names, dates of birth, genders, phone numbers and physical addresses.

Victim
Dymocks
Records
836.1K
Data breachResolved

PetFlow data breach (2017)

In December 2017, the pet care delivery service PetFlow suffered a data breach which consequently appeared for sale on a dark web marketplace. Almost 1M accounts were impacted and exposed email addresses and passwords stored as unsalted MD5 hashes.

Victim
PetFlow
Records
990.9K