The breach, which happened in February, was disclosed to victims this week.
Lifestyle and entertainment company PopSugar, Inc. has revealed it suffered a huge data breach that went undisclosed for two months.
The US corporation, which publishes a pop culture website among other ventures, was hit by a data leak in February when an unknown attacker hacked into its systems.
Personal details belonging to 123,857 people were accessed by “an unauthorized third party”, a statement read.
Usernames, email addresses, and hashed passwords were among the credentials stolen.
The hack occurred in February and was discovered on April 30 – but the leak was only reported to users this week.
This delay has enraged some consumers who have taken to Twitter to complain.
One PopSugar user tweeted: “They couldn’t find my email earlier? Didn’t take the crackers as long.”
PopSugar has informed the relevant authorities in California, where the company is based.
Users are being encouraged to reset their passwords as a safety precaution and PopSugar has claimed it is “enhancing” its security in light of the leak.
The Daily Swig has reached out to the company for comment.