In 2018, the login details of 39 million Shein accounts were stolen after being targeted by hackers. The company’s owner Zoetop is now being fined $1.9 million over its response.
The fast-fashion platform Shein has become a very popular shopping destination for shoppers looking for the latest trending fashion items at affordable prices. According to the latest statistics, the average item costs around $10.70.
It’s one of the most successful e-commerce businesses and briefly jumped ahead of Amazon on iOS and Android app charts in 2021 as the most downloaded shopping app in the US. The platform is particularly popular with Gen Z and millennial shoppers due to the low prices.
Another popular fashion site owned by Zoetop, Romwe, was also targeted during the breach and it’s b relieved that around seven million users could have been affected.
Shein says it has since taken action to improve its cyber security, but it’s feared that the information of up to 29 million users was stolen and sold online. This data could include names, email addresses, passwords, and even credit card information.
However, New York Attorney General Letitia James claims that after Shein’s parent company Zoetop was targeted by hackers, it lied about the extent of the problem and only notified “a fraction” of the affected customers.
The New York Attorney General’s office has accused Zoetop of failing to keep its customers’ data safe, including over 800,000 customers in New York.
The office continued to highlight the fact that Zoetop lied about the severity of the breach. Its initial reports stated that 6.42 customers were affected by the hack, rather than 29 million, and the majority of users with exposed accounts were not contacted.
Furthermore, it’s alleged that the company didn’t force password resets for the accounts and it told its customers that there was no evidence that payment information had been targeted, which was not true.