Hackers stole email addresses and encrypted passwords.
Retail website SheIn.com has notified customers of a serious data breach after malicious hackers stole the details of 6.42 million people.
The ‘affordable fashion’ site, which ships worldwide, was made aware of the cyber-attack on August 22, though it is believed to have started in June.
During an investigation, the company’s servers were scanned and malware was found, which was later removed.
Email addresses and encrypted passwords were taken, although it isn’t clear whether any other data was affected.
In a statement, SheIn said the hackers were able to infiltrate servers through “back door entry points”, which were later closed and removed.
The company said it has employed a “leading international forensic cybersecurity firm” to lead the investigation and prevent against any future breaches.
SheIn has encouraged users to change their passwords and said it has notified anyone they believe could have been affected.
Customers can also call SheIn on +44 (0)800 802 1077.
SheIn isn’t the first fashion website to suffer at the hands of hackers.
In April, Saks Fifth Avenue reported that five million customers’ details were breached in a hack affecting the company and its subsidiaries, including Lord & Taylor.
It later emerged that the incident, which saw card details and other information stolen, went undetected for nine months.
Another April incident saw hundreds of e-commerce sites targeted in an attack on the Magneto platform, which delivered cryptomining malware and scraped card details.
The Daily Swig has reached out to SheIn for comment.