Bonobos

Primary URL: www[.]bonobos[.]com
Location: United States of America
Industry: Retail

Profile

Bonobos operates as a men's clothing retailer headquartered in the United States of America. The company focuses on providing apparel and related products directly to male consumers. In January 2021, Bonobos experienced a significant cybersecurity incident involving unauthorized access to an externally hosted cloud backup file. Threat actors successfully breached a 70GB database containing extensive customer information. This compromised data included approximately 7 million shipping addresses, details for 1.8 million customer accounts, and 3.5 million partial credit card records. Password histories, stored using SHA-256 and SHA-512 hashing algorithms, were also exposed during this breach.

The attackers reportedly managed to crack around 158,000 weaker passwords protected with the SHA-256 algorithm, subsequently using them in credential stuffing attacks. Bonobos confirmed that its internal corporate systems were not compromised and stated that payment information remained unaffected. However, the company acknowledged that customer contact details and encrypted passwords were potentially exposed. In response to the breach, Bonobos invalidated compromised account credentials, reset customer passwords, and notified affected individuals about the exposure of their personal information. The incident stemmed solely from unauthorized access to an external cloud backup, not from a direct infiltration of the company's corporate network infrastructure.

Incidents
1 incident