Hims & Hers - Customer Data Breach Exposed

Significant risk — action recommended within 24-48 hours
Basically, hackers stole personal data from Hims & Hers customers through a security breach.
Hims & Hers has reported a data breach affecting customer support data. Sensitive information was accessed by hackers, raising privacy concerns. Customers are advised to stay vigilant against potential scams.
What Happened
Hims & Hers, a prominent telehealth company, recently discovered a significant breach involving its customer service platform. On February 5, suspicious activity was detected on its third-party customer service system. An investigation revealed that between February 4 and February 7, unauthorized access to customer service tickets occurred, leading to the potential exposure of sensitive customer data. The breach was confirmed on March 3, when the company acknowledged that personal information was compromised.
Who's Affected
The breach impacts customers of Hims & Hers, a company that provides subscription-based treatments for various health issues, including hair loss and mental health. For a company with annual revenues nearing $1 billion, the exposure of customer support data is particularly concerning. While medical records and direct doctor communications were not compromised, the stolen data may still include names, contact information, and other details that customers would prefer to keep private.
What Data Was Exposed
The compromised data primarily consists of customer support tickets. Although Hims & Hers has stated that no medical records were involved, the nature of the information exposed raises serious privacy concerns. Even basic contact details can reveal sensitive connections to health-related issues, making this breach particularly alarming for affected individuals.
The Attackers
Reports indicate that the ShinyHunters extortion gang was behind the breach. This group is known for compromising single sign-on (SSO) accounts through social engineering tactics. By impersonating IT support and tricking employees into providing credentials, they can gain access to various connected services, including customer support platforms like Zendesk. This method has previously led to significant breaches at other companies, highlighting a troubling trend in cyberattacks targeting customer service systems.
Why (and How) to Stay Vigilant
In response to the breach, Hims & Hers is offering 12 months of free credit monitoring to affected customers. However, this measure alone may not be sufficient to prevent phishing attacks that exploit the stolen information. Cybercriminals may use the compromised data to craft convincing scams or extortion attempts, potentially targeting victims with personalized communications referencing their health-related purchases.
To protect yourself:
- Take advantage of the free credit monitoring offered by Hims & Hers.
- Be cautious of unsolicited emails or texts that mention your treatments or support history.
- Avoid clicking on suspicious links and do not share personal information with unknown contacts.
- Verify any communications directly with the company through trusted channels.
- Consider using tools that monitor the dark web for your personal information, such as Malwarebytes’ Digital Footprint scanner.
Staying informed and vigilant is crucial in the wake of such breaches, as the risks extend beyond immediate financial concerns to long-term privacy implications.
🔍 How to Check If You're Affected
1. Check for any suspicious emails or communications referencing your support tickets.
2. Monitor your financial accounts for unauthorized transactions.
3. Use a dark web monitoring tool to see if your personal information is being traded.
🔒 Pro insight: The ShinyHunters' tactics highlight the vulnerability of third-party support platforms, necessitating robust security measures across all service providers.