/

Warby Parker Data Breach: What & How It Happened?

Warby Parker Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In 2018, eyewear retailer Warby Parker experienced a cybersecurity attack that targeted a large number of customer accounts. The attackers used stolen username and password combinations from unrelated breaches in an attempt to gain access to these accounts. The breach occurred between late September and late November. Upon discovering the attack, Warby Parker contacted law enforcement and reached out to potentially affected customers, urging them to change their passwords.

How many accounts were compromised?

The breach impacted data related to nearly 200,000 individuals.

What data was leaked?

The data exposed in the breach included stored prescriptions, customer profile data, and compromised usernames and passwords.

How was Warby Parker hacked?

In the Warby Parker breach, hackers utilized credential stuffing attacks, employing stolen usernames and passwords from unrelated data breaches to attempt access to nearly 200,000 customer accounts. The specific methods and tools used by the attackers remain unclear.

Warby Parker's solution

In response to the hack, Warby Parker took several measures to secure its platform and prevent future incidents. This included resetting passwords for the impacted accounts, conducting an internal investigation, and reporting the incident to law enforcement. The company also reached out to potentially affected customers, urging them to change their passwords as a precaution. However, specific actions taken to remove malware, backdoors, or enhance security protocols remain unclear.

How do I know if I was affected?

Warby Parker reached out to affected users following the breach. If you're a Warby Parker customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or service provider.

For more specific help and instructions related to Warby Parker's data breach, please contact Warby Parker's support directly.

Where can I go to learn more?

If you want to find more information on the Warby Parker data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

Warby Parker Data Breach: What & How It Happened?

Warby Parker Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In 2018, eyewear retailer Warby Parker experienced a cybersecurity attack that targeted a large number of customer accounts. The attackers used stolen username and password combinations from unrelated breaches in an attempt to gain access to these accounts. The breach occurred between late September and late November. Upon discovering the attack, Warby Parker contacted law enforcement and reached out to potentially affected customers, urging them to change their passwords.

How many accounts were compromised?

The breach impacted data related to nearly 200,000 individuals.

What data was leaked?

The data exposed in the breach included stored prescriptions, customer profile data, and compromised usernames and passwords.

How was Warby Parker hacked?

In the Warby Parker breach, hackers utilized credential stuffing attacks, employing stolen usernames and passwords from unrelated data breaches to attempt access to nearly 200,000 customer accounts. The specific methods and tools used by the attackers remain unclear.

Warby Parker's solution

In response to the hack, Warby Parker took several measures to secure its platform and prevent future incidents. This included resetting passwords for the impacted accounts, conducting an internal investigation, and reporting the incident to law enforcement. The company also reached out to potentially affected customers, urging them to change their passwords as a precaution. However, specific actions taken to remove malware, backdoors, or enhance security protocols remain unclear.

How do I know if I was affected?

Warby Parker reached out to affected users following the breach. If you're a Warby Parker customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or service provider.

For more specific help and instructions related to Warby Parker's data breach, please contact Warby Parker's support directly.

Where can I go to learn more?

If you want to find more information on the Warby Parker data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Warby Parker Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In 2018, eyewear retailer Warby Parker experienced a cybersecurity attack that targeted a large number of customer accounts. The attackers used stolen username and password combinations from unrelated breaches in an attempt to gain access to these accounts. The breach occurred between late September and late November. Upon discovering the attack, Warby Parker contacted law enforcement and reached out to potentially affected customers, urging them to change their passwords.

How many accounts were compromised?

The breach impacted data related to nearly 200,000 individuals.

What data was leaked?

The data exposed in the breach included stored prescriptions, customer profile data, and compromised usernames and passwords.

How was Warby Parker hacked?

In the Warby Parker breach, hackers utilized credential stuffing attacks, employing stolen usernames and passwords from unrelated data breaches to attempt access to nearly 200,000 customer accounts. The specific methods and tools used by the attackers remain unclear.

Warby Parker's solution

In response to the hack, Warby Parker took several measures to secure its platform and prevent future incidents. This included resetting passwords for the impacted accounts, conducting an internal investigation, and reporting the incident to law enforcement. The company also reached out to potentially affected customers, urging them to change their passwords as a precaution. However, specific actions taken to remove malware, backdoors, or enhance security protocols remain unclear.

How do I know if I was affected?

Warby Parker reached out to affected users following the breach. If you're a Warby Parker customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report it immediately to the respective platform or service provider.

For more specific help and instructions related to Warby Parker's data breach, please contact Warby Parker's support directly.

Where can I go to learn more?

If you want to find more information on the Warby Parker data breach, check out the following news articles: