Scentbird data breach

Scentbird

What Happened

In June 2020, Scentbird, an online fragrance subscription service, suffered a data breach when malicious actors accessed and exfiltrated a database containing personal information of approximately 5.8 million customers, including names, email addresses, genders, dates of birth, billing and shipping addresses, encrypted passwords (bcrypt hashes), and password strength indicators. The company detected the incident in late June, promptly launched a forensic investigation with third-party experts, notified law enforcement, mandated password resets for users, and enhanced database security, while confirming no credit card details or government IDs were compromised. The breached data was later shared publicly via sites like breachbase.pw and added to services like Have I Been Pwned on July 30, 2020.

Compromised Assets

  • email
  • first name
  • last name
  • password
  • id
  • gender
  • password strength
  • dob
  • registration date

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches