Dymocks Booksellers Data Breach Exposes Customer Information

Dymocks Booksellers, a popular bookstore chain operating 65 stores in Australia, New Zealand, and Hong Kong, has issued a warning to its customers regarding a data breach. The company’s database was shared on hacking forums, leading to the exposure of personal information.

As an online shop that sells printed books, e-books, stationery supplies, games, and digital media, Dymocks is committed to ensuring the security of its customers’ data. However, on September 6th, 2023, it was informed by Troy Hunt, the creator of the data breach notification service ‘Have I Been Pwned’ (HIBP), that its customer data had been stolen and released on a hacking forum.

In a notice posted on Dymocks’ website, the bookstore assures customers that there is no evidence that its computer systems were penetrated. Nevertheless, the company is currently investigating a potential security breach at third-party partners.

The investigation conducted by Dymocks and its contracted experts has revealed that certain customer information has been compromised. This includes full names, dates of birth, email addresses, postal addresses, gender, and membership details such as gold expiry date, account status, account creation date, and card ranking. It is important to note that Dymocks does not store customer financial information, so no financial details have been exposed.

The data leaked online consists of 1.2 million user records for 836,120 unique Dymocks accounts, as confirmed by ‘Have I Been Pwned’. Dymocks has already notified the relevant authorities about the incident and is taking steps to complete its investigation and implement additional security measures to prevent similar incidents in the future.

Despite the data breach, Dymocks reassures its clients that it is still safe to make purchases on its online shop. However, it strongly recommends that users change their account password as a precautionary measure.

Data Already Widely Circulated

Troy Hunt reports that Dymocks customer data has been circulating in various Telegram channels and hacking forums since at least June 2023. This means that cybercriminals have had ample opportunity to exploit the leaked dataset in phishing and scamming attacks targeting Dymocks’ clients.

Recent findings by BleepingComputer indicate that the stolen database was offered for sale on the BreachForums hacking forum. This highlights the potential risks associated with the data breach.

What Dymocks Customers Should Do

While passwords do not appear to have been exposed in the data breach, it is strongly advised that Dymocks customers change their passwords on the site as a precautionary measure. Additionally, if the same password was used on other sites, it should be changed there as well.

When changing passwords, it is crucial to use unique and strong passwords for each site to minimize the impact of data breaches on other accounts. To simplify this process, it is highly recommended to use a password manager.

Lastly, Dymocks customers should remain vigilant for any suspicious emails requesting credit card or login information. These could be targeted phishing scams resulting from the data breach.
