Hi Guys,

Please see below the details of four recent massive data breaches. Have you ever used any of these services?

Shopper+ – 878,290 breached accounts
In March 2023, “Canada’s online shopping mall” Shopper+ disclosed a data breach discovered on a public hacking forum. The breach dated back to September 2020 and included 878k customer records with email and physical addresses, names, phone numbers and in some cases, genders and dates of birth.

HDB Financial Services – 1,658,750 breached accounts
In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M customer records. Containing 1.6M unique email addresses, the breach also disclosed names, dates of birth, phone numbers, genders, post codes and loan information belonging to the customers.

iD Tech – 415,121 breached accounts
In February 2023, the tech camps for kids service iD Tech had almost 1M records posted to a popular hacking forum. The data included 415k unique email addresses, names, dates of birth and plain text passwords which appear to have been breached in the previous month. iD Tech did not respond to multiple attempts to report the incident.

LBB – 39,288 breached accounts
In August 2022, customer data of the Indian shopping site “LBB” (Little Black Book) was posted to a popular hacking forum. The data contained over 3M records with 39k unique email addresses alongside IP and physical addresses, names and device information with the most recent data dating back to early 2019. LBB advised they believe the data was exposed by a third party service and whilst it contained information they retain on their customers, it had also been enriched with additional data attributes.

Please take the following actions if you have ever used one of these services

  • Change your password immediately, and make sure your new password is strong and unique. Use a combination of upper and lowercase letters, numbers, and symbols. Avoid using the same password for multiple accounts.
  • Enable two-factor authentication (2FA) for your accounts wherever possible. Doing this will add an extra layer of security by requiring a secondary authentication method, such as a code sent to your phone and your password.
  • Use a reputable password manager tool to store your passwords securely. This can help you generate and remember strong, unique passwords for all your accounts.
  • Check if your email address has been involved in a data breach using a tool such as Incognito’s Email Hack Check. If your email address has been compromised, take action to secure your accounts and change any passwords that may have been affected.
  • Monitor your accounts and financial statements regularly for any suspicious activity. If you notice any unauthorized access or transactions, report them to your bank or financial institution immediately.
  • Contact them immediately and demand compensation for any losses or damages resulting from the data breach. You should also ask them about any identity theft protection services they offer.

Please let me know if you need any help in relation to this.

All the best,
Max Roberts,
Incognito Privacy Care Team