What Happened
In June 2020, Scentbird, an online fragrance subscription service, suffered a data breach when malicious actors accessed and exfiltrated a database containing personal information of approximately 5.8 million customers, including names, email addresses, genders, dates of birth, billing and shipping addresses, encrypted passwords (bcrypt hashes), and password strength indicators. The company detected the incident in late June, promptly launched a forensic investigation with third-party experts, notified law enforcement, mandated password resets for users, and enhanced database security, while confirming no credit card details or government IDs were compromised. The breached data was later shared publicly via sites like breachbase.pw and added to services like Have I Been Pwned on July 30, 2020.
