What Happened
In 2018, around August (some sources cite May or mid-year), HauteLook, a fashion e-commerce site owned by Nordstrom, suffered a data breach when hackers exploited a web application vulnerability. The breach compromised over 28 million user accounts and was part of a larger incident affecting 617 million records across 16 sites. The exposed data included email addresses, names, dates of birth, genders, geographic locations, and bcrypt-hashed passwords (with one source reporting approximately 12.7 million accounts). The breach was discovered around August 7, 2018 and verified by March 2019. It was added to databases like Have I Been Pwned, and the stolen data was sold on the dark web by early 2019. HauteLook/Nordstrom did not issue a public statement but remediated quietly.



